
Redirect Virus is Worse than I Had Thought

Old 07-20-2012, 11:42 PM   #1
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



Since a few days ago I've been harassed by a redirect virus that redirected Google results and other websites to odd places. The primary site was Infomash, but there were other websites I was redirected to.

I used a .exe file called Rkill in conjunction with Malwarebytes Anti-Malware and turned internet off to try to get rid of the virus. After 5 futile attempts I decided to follow the steps in NEW INSTRUCTIONS Removal Help thread.

Running DDS.SCR was as expected. I saved the two log files onto my desktop. When attempting to scan with GMER.exe, three disastrous things happened:
1. First attempt resulted in computer going to the Blue Screen mode all of a sudden. The computer then restarted itself.
2. The second try resulted in an odd computer freezing where the monitor showed only zig-zags. I took a picture from my phone if the visual is needed. I had to press the restart button on the CPU.
3. The third and fourth tries ended in the program simply freezing and turning off. The third try's crash happened pretty quickly after the GMER scan began; the fourth try's crash happened a long while after GMER had been scanning.

I cannot get GMER to run properly, so I am assuming that the virus is much more malicious than I thought it was. Here are the logs from DDS.SCR, but I could not finish the GMER scan.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 21:57:51 on 2012-07-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.382 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroDist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20100303.cab
TCP: Interfaces\{69E577B8-C8A2-4441-A9EF-94B765D84D1D} : NameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2011-8-18 4608]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-8-18 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2011-8-18 16896]
.
=============== Created Last 30 ================
.
2012-07-20 03:43:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-19 18:03:04 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{23769b74-4791-485a-a23e-607d8f28e5f7}\mpengine.dll
2012-07-18 17:53:22 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-17 20:23:15 -------- d-----w- c:\users\administrator\appdata\local\Downloaded Installations
2012-07-11 18:27:31 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:07:17 -------- d-----w- c:\program files\WinSCP
2012-07-11 05:57:19 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 05:57:15 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:57:14 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 05:57:12 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 05:57:11 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 05:57:11 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-09 05:08:45 -------- d-----w- c:\program files\GOG.com
2012-07-03 18:58:41 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3855d897-4d9f-4282-8696-15d1eb2e59a8}\gapaengine.dll
2012-06-23 05:02:31 -------- d-sh--w- C:\found.003
2012-06-22 10:25:00 -------- d-----w- c:\program files\Pure Motion
2012-06-22 10:24:51 -------- d-----w- c:\program files\DebugMode
2012-06-22 10:24:21 -------- d-----w- c:\program files\Sonic Foundry
2012-06-21 08:59:22 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:58:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:57:28 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:57:26 33792 ----a-w- c:\windows\system32\wuapp.exe
.
==================== Find3M ====================
.
2012-07-12 06:23:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 06:23:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-14 01:15:24 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-14 01:15:24 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
============= FINISH: 21:59:06.90 ===============

Thank you for the future help and taking the time to read this.

I also found out that my antivirus Microsoft Security Essentials has been disabled and popups come up whenever I go on websites. There are seemingly-random lag spikes. Please help.
Attached Files
File Type: zip Attach.zip (2.8 KB, 23 views)
Old 07-23-2012, 08:03 AM   #2
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello kkj1116,

You are infected with ZAccess, also known as Sirefef and several other names depending on the AV company. I'll want to gather a bit more information before we begin.

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 07-24-2012, 04:21 AM   #3
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



03:16:56.0625 1428 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
03:16:57.0030 1428 ============================================================
03:16:57.0030 1428 Current date / time: 2012/07/24 03:16:57.0030
03:16:57.0030 1428 SystemInfo:
03:16:57.0030 1428
03:16:57.0030 1428 OS Version: 6.0.6002 ServicePack: 2.0
03:16:57.0030 1428 Product type: Workstation
03:16:57.0030 1428 ComputerName: JAY-PC
03:16:57.0031 1428 UserName: Administrator
03:16:57.0031 1428 Windows directory: C:\Windows
03:16:57.0031 1428 System windows directory: C:\Windows
03:16:57.0031 1428 Processor architecture: Intel x86
03:16:57.0031 1428 Number of processors: 2
03:16:57.0031 1428 Page size: 0x1000
03:16:57.0031 1428 Boot type: Normal boot
03:16:57.0031 1428 ============================================================
03:16:57.0954 1428 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:16:58.0027 1428 ============================================================
03:16:58.0027 1428 \Device\Harddisk0\DR0:
03:16:58.0036 1428 MBR partitions:
03:16:58.0036 1428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x24016000
03:16:58.0036 1428 ============================================================
03:16:58.0060 1428 C: <-> \Device\Harddisk0\DR0\Partition0
03:16:58.0084 1428 ============================================================
03:16:58.0084 1428 Initialize success
03:16:58.0084 1428 ============================================================
03:17:48.0542 5612 ============================================================
03:17:48.0542 5612 Scan started
03:17:48.0542 5612 Mode: Manual;
03:17:48.0542 5612 ============================================================
03:17:58.0012 5612 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:17:58.0028 5612 mrxsmb10 - ok
03:17:58.0043 5612 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:17:58.0043 5612 mrxsmb20 - ok
03:17:58.0074 5612 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
03:17:58.0074 5612 msahci - ok
03:17:58.0090 5612 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
03:17:58.0090 5612 msdsm - ok
03:17:58.0121 5612 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
03:17:58.0137 5612 MSDTC - ok
03:17:58.0199 5612 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
03:17:58.0199 5612 Msfs - ok
03:17:58.0230 5612 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
03:17:58.0230 5612 msisadrv - ok
03:17:58.0277 5612 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
03:17:58.0293 5612 MSiSCSI - ok
03:17:58.0293 5612 msiserver - ok
03:17:58.0308 5612 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
03:17:58.0308 5612 MSKSSRV - ok
03:17:58.0340 5612 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
03:17:58.0340 5612 MSPCLOCK - ok
03:17:58.0355 5612 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
03:17:58.0355 5612 MSPQM - ok
03:17:58.0386 5612 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
03:17:58.0402 5612 MsRPC - ok
03:17:58.0418 5612 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
03:17:58.0418 5612 mssmbios - ok
03:17:58.0449 5612 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
03:17:58.0449 5612 MSTEE - ok
03:17:58.0480 5612 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
03:17:58.0480 5612 Mup - ok
03:17:58.0558 5612 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
03:17:58.0574 5612 napagent - ok
03:17:58.0605 5612 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
03:17:58.0620 5612 NativeWifiP - ok
03:17:58.0652 5612 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
03:17:58.0683 5612 NDIS - ok
03:17:58.0698 5612 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
03:17:58.0698 5612 NdisTapi - ok
03:17:58.0714 5612 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
03:17:58.0714 5612 Ndisuio - ok
03:17:58.0745 5612 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
03:17:58.0745 5612 NdisWan - ok
03:17:58.0792 5612 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
03:17:58.0792 5612 NDProxy - ok
03:17:58.0808 5612 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
03:17:58.0808 5612 NetBIOS - ok
03:17:58.0823 5612 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
03:17:58.0839 5612 netbt - ok
03:17:58.0854 5612 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
03:17:58.0854 5612 Netlogon - ok
03:17:58.0901 5612 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
03:17:58.0917 5612 Netman - ok
03:17:58.0932 5612 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
03:17:58.0948 5612 netprofm - ok
03:17:59.0042 5612 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:17:59.0057 5612 NetTcpPortSharing - ok
03:17:59.0088 5612 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
03:17:59.0104 5612 nfrd960 - ok
03:17:59.0135 5612 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
03:17:59.0151 5612 NlaSvc - ok
03:17:59.0182 5612 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
03:17:59.0182 5612 Npfs - ok
03:17:59.0198 5612 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
03:17:59.0213 5612 nsi - ok
03:17:59.0213 5612 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
03:17:59.0229 5612 nsiproxy - ok
03:17:59.0276 5612 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
03:17:59.0307 5612 Ntfs - ok
03:17:59.0322 5612 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
03:17:59.0322 5612 ntrigdigi - ok
03:17:59.0369 5612 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
03:17:59.0369 5612 Null - ok
03:17:59.0400 5612 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
03:17:59.0416 5612 NVENETFD - ok
03:17:59.0728 5612 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:17:59.0931 5612 nvlddmkm - ok
03:18:00.0040 5612 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
03:18:00.0056 5612 NVNET - ok
03:18:00.0102 5612 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
03:18:00.0102 5612 nvraid - ok
03:18:00.0134 5612 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
03:18:00.0134 5612 nvstor - ok
03:18:00.0227 5612 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
03:18:00.0227 5612 nvstor32 - ok
03:18:00.0274 5612 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
03:18:00.0274 5612 nv_agp - ok
03:18:00.0290 5612 NwlnkFlt - ok
03:18:00.0290 5612 NwlnkFwd - ok
03:18:00.0383 5612 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:18:00.0383 5612 odserv - ok
03:18:00.0446 5612 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
03:18:00.0446 5612 ohci1394 - ok
03:18:00.0492 5612 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:18:00.0508 5612 ose - ok
03:18:00.0555 5612 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
03:18:00.0586 5612 p2pimsvc - ok
03:18:00.0602 5612 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
03:18:00.0617 5612 p2psvc - ok
03:18:00.0633 5612 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
03:18:00.0633 5612 Parport - ok
03:18:00.0648 5612 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
03:18:00.0664 5612 partmgr - ok
03:18:00.0680 5612 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
03:18:00.0680 5612 Parvdm - ok
03:18:00.0711 5612 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
03:18:00.0726 5612 PcaSvc - ok
03:18:00.0742 5612 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
03:18:00.0758 5612 pci - ok
03:18:00.0758 5612 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
03:18:00.0758 5612 pciide - ok
03:18:00.0804 5612 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
03:18:00.0804 5612 pcmcia - ok
03:18:00.0882 5612 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
03:18:00.0914 5612 PEAUTH - ok
03:18:00.0945 5612 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\Windows\system32\DRIVERS\LV561AV.SYS
03:18:00.0960 5612 PID_0928 - ok
03:18:01.0023 5612 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
03:18:01.0085 5612 pla - ok
03:18:01.0163 5612 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
03:18:01.0194 5612 PlugPlay - ok
03:18:01.0226 5612 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
03:18:01.0241 5612 PNRPAutoReg - ok
03:18:01.0241 5612 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
03:18:01.0257 5612 PNRPsvc - ok
03:18:01.0304 5612 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
03:18:01.0319 5612 PolicyAgent - ok
03:18:01.0366 5612 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
03:18:01.0366 5612 PptpMiniport - ok
03:18:01.0413 5612 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
03:18:01.0413 5612 Processor - ok
03:18:01.0460 5612 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
03:18:01.0475 5612 ProfSvc - ok
03:18:01.0506 5612 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
03:18:01.0506 5612 ProtectedStorage - ok
03:18:01.0553 5612 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
03:18:01.0569 5612 PSched - ok
03:18:01.0631 5612 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
03:18:01.0662 5612 ql2300 - ok
03:18:01.0678 5612 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
03:18:01.0694 5612 ql40xx - ok
03:18:01.0725 5612 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
03:18:01.0740 5612 QWAVE - ok
03:18:01.0772 5612 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
03:18:01.0772 5612 QWAVEdrv - ok
03:18:01.0818 5612 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
03:18:01.0818 5612 RasAcd - ok
03:18:01.0818 5612 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
03:18:01.0834 5612 RasAuto - ok
03:18:01.0850 5612 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:18:01.0850 5612 Rasl2tp - ok
03:18:01.0881 5612 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
03:18:01.0896 5612 RasMan - ok
03:18:01.0912 5612 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
03:18:01.0912 5612 RasPppoe - ok
03:18:01.0928 5612 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
03:18:01.0928 5612 RasSstp - ok
03:18:01.0943 5612 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
03:18:01.0959 5612 rdbss - ok
03:18:01.0959 5612 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:18:01.0974 5612 RDPCDD - ok
03:18:02.0021 5612 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
03:18:02.0037 5612 rdpdr - ok
03:18:02.0037 5612 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
03:18:02.0037 5612 RDPENCDD - ok
03:18:02.0099 5612 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
03:18:02.0115 5612 RDPWD - ok
03:18:02.0130 5612 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
03:18:02.0146 5612 RemoteAccess - ok
03:18:02.0162 5612 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
03:18:02.0162 5612 RemoteRegistry - ok
03:18:02.0177 5612 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
03:18:02.0177 5612 RpcLocator - ok
03:18:02.0224 5612 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
03:18:02.0224 5612 RpcSs - ok
03:18:02.0255 5612 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
03:18:02.0255 5612 rspndr - ok
03:18:02.0271 5612 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
03:18:02.0271 5612 SamSs - ok
03:18:02.0286 5612 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
03:18:02.0302 5612 sbp2port - ok
03:18:02.0318 5612 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
03:18:02.0333 5612 SCardSvr - ok
03:18:02.0380 5612 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
03:18:02.0396 5612 Schedule - ok
03:18:02.0427 5612 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
03:18:02.0427 5612 SCPolicySvc - ok
03:18:02.0458 5612 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
03:18:02.0458 5612 SDRSVC - ok
03:18:02.0474 5612 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
03:18:02.0474 5612 secdrv - ok
03:18:02.0505 5612 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
03:18:02.0505 5612 seclogon - ok
03:18:02.0552 5612 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
03:18:02.0552 5612 SENS - ok
03:18:02.0598 5612 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
03:18:02.0598 5612 Serenum - ok
03:18:02.0614 5612 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
03:18:02.0630 5612 Serial - ok
03:18:02.0661 5612 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
03:18:02.0661 5612 sermouse - ok
03:18:02.0692 5612 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
03:18:02.0708 5612 SessionEnv - ok
03:18:02.0723 5612 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
03:18:02.0723 5612 sffdisk - ok
03:18:02.0739 5612 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
03:18:02.0739 5612 sffp_mmc - ok
03:18:02.0754 5612 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
03:18:02.0754 5612 sffp_sd - ok
03:18:02.0770 5612 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
03:18:02.0786 5612 sfloppy - ok
03:18:02.0817 5612 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
03:18:02.0832 5612 ShellHWDetection - ok
03:18:02.0848 5612 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
03:18:02.0848 5612 sisagp - ok
03:18:02.0864 5612 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
03:18:02.0864 5612 SiSRaid2 - ok
03:18:02.0879 5612 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
03:18:02.0879 5612 SiSRaid4 - ok
03:18:02.0973 5612 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
03:18:02.0973 5612 SkypeUpdate - ok
03:18:03.0113 5612 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
03:18:03.0191 5612 slsvc - ok
03:18:03.0300 5612 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
03:18:03.0316 5612 SLUINotify - ok
03:18:03.0347 5612 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
03:18:03.0347 5612 Smb - ok
03:18:03.0425 5612 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
03:18:03.0425 5612 SNMPTRAP - ok
03:18:03.0456 5612 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
03:18:03.0456 5612 spldr - ok
03:18:03.0503 5612 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
03:18:03.0519 5612 Spooler - ok
03:18:03.0550 5612 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
03:18:03.0566 5612 srv - ok
03:18:03.0581 5612 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
03:18:03.0597 5612 srv2 - ok
03:18:03.0612 5612 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
03:18:03.0612 5612 srvnet - ok
03:18:03.0644 5612 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
03:18:03.0644 5612 SSDPSRV - ok
03:18:03.0675 5612 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
03:18:03.0675 5612 SstpSvc - ok
03:18:03.0722 5612 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
03:18:03.0753 5612 stisvc - ok
03:18:03.0768 5612 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
03:18:03.0768 5612 swenum - ok
03:18:03.0862 5612 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:18:03.0878 5612 SwitchBoard - ok
03:18:03.0956 5612 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
03:18:03.0971 5612 swprv - ok
03:18:04.0002 5612 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
03:18:04.0002 5612 Symc8xx - ok
03:18:04.0018 5612 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
03:18:04.0018 5612 Sym_hi - ok
03:18:04.0034 5612 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
03:18:04.0034 5612 Sym_u3 - ok
03:18:04.0065 5612 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
03:18:04.0112 5612 SysMain - ok
03:18:04.0158 5612 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
03:18:04.0158 5612 TabletInputService - ok
03:18:04.0190 5612 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
03:18:04.0205 5612 TapiSrv - ok
03:18:04.0221 5612 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
03:18:04.0221 5612 TBS - ok
03:18:04.0283 5612 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
03:18:04.0299 5612 Tcpip - ok
03:18:04.0314 5612 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
03:18:04.0330 5612 Tcpip6 - ok
03:18:04.0346 5612 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
03:18:04.0346 5612 tcpipreg - ok
03:18:04.0377 5612 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
03:18:04.0377 5612 TDPIPE - ok
03:18:04.0377 5612 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
03:18:04.0392 5612 TDTCP - ok
03:18:04.0408 5612 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
03:18:04.0408 5612 tdx - ok
03:18:04.0439 5612 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
03:18:04.0439 5612 TermDD - ok
03:18:04.0455 5612 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
03:18:04.0486 5612 TermService - ok
03:18:04.0517 5612 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
03:18:04.0517 5612 Themes - ok
03:18:04.0533 5612 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
03:18:04.0548 5612 THREADORDER - ok
03:18:04.0564 5612 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
03:18:04.0580 5612 TrkWks - ok
03:18:04.0611 5612 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
03:18:04.0611 5612 TrustedInstaller - ok
03:18:04.0642 5612 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:18:04.0642 5612 tssecsrv - ok
03:18:04.0673 5612 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
03:18:04.0689 5612 tunmp - ok
03:18:04.0704 5612 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
03:18:04.0704 5612 tunnel - ok
03:18:04.0736 5612 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
03:18:04.0736 5612 uagp35 - ok
03:18:04.0767 5612 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
03:18:04.0782 5612 udfs - ok
03:18:04.0829 5612 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
03:18:04.0845 5612 UI0Detect - ok
03:18:04.0860 5612 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
03:18:04.0860 5612 uliagpkx - ok
03:18:04.0892 5612 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
03:18:04.0907 5612 uliahci - ok
03:18:04.0938 5612 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
03:18:04.0938 5612 UlSata - ok
03:18:04.0970 5612 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
03:18:04.0970 5612 ulsata2 - ok
03:18:05.0001 5612 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
03:18:05.0001 5612 umbus - ok
03:18:05.0016 5612 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
03:18:05.0032 5612 upnphost - ok
03:18:05.0079 5612 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
03:18:05.0094 5612 USBAAPL - ok
03:18:05.0126 5612 usbbus - ok
03:18:05.0172 5612 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
03:18:05.0188 5612 usbccgp - ok
03:18:05.0204 5612 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
03:18:05.0219 5612 usbcir - ok
03:18:05.0219 5612 UsbDiag - ok
03:18:05.0266 5612 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
03:18:05.0266 5612 usbehci - ok
03:18:05.0297 5612 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
03:18:05.0297 5612 usbhub - ok
03:18:05.0313 5612 USBModem - ok
03:18:05.0344 5612 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
03:18:05.0344 5612 usbohci - ok
03:18:05.0375 5612 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
03:18:05.0375 5612 usbprint - ok
03:18:05.0406 5612 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:18:05.0406 5612 USBSTOR - ok
03:18:05.0438 5612 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
03:18:05.0438 5612 usbuhci - ok
03:18:05.0484 5612 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
03:18:05.0484 5612 UxSms - ok
03:18:05.0531 5612 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
03:18:05.0547 5612 vds - ok
03:18:05.0578 5612 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
03:18:05.0594 5612 vga - ok
03:18:05.0625 5612 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
03:18:05.0625 5612 VgaSave - ok
03:18:05.0656 5612 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
03:18:05.0656 5612 viaagp - ok
03:18:05.0672 5612 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
03:18:05.0672 5612 ViaC7 - ok
03:18:05.0703 5612 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
03:18:05.0703 5612 viaide - ok
03:18:05.0734 5612 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
03:18:05.0734 5612 volmgr - ok
03:18:05.0765 5612 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
03:18:05.0781 5612 volmgrx - ok
03:18:05.0796 5612 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
03:18:05.0812 5612 volsnap - ok
03:18:05.0828 5612 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
03:18:05.0828 5612 vsmraid - ok
03:18:05.0890 5612 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
03:18:05.0921 5612 VSS - ok
03:18:05.0952 5612 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
03:18:05.0984 5612 VSTHWBS2 - ok
03:18:06.0015 5612 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
03:18:06.0046 5612 VST_DPV - ok
03:18:06.0077 5612 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
03:18:06.0093 5612 W32Time - ok
03:18:06.0124 5612 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
03:18:06.0124 5612 WacomPen - ok
03:18:06.0155 5612 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
03:18:06.0155 5612 Wanarp - ok
03:18:06.0155 5612 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
03:18:06.0155 5612 Wanarpv6 - ok
03:18:06.0186 5612 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
03:18:06.0202 5612 wcncsvc - ok
03:18:06.0218 5612 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
03:18:06.0218 5612 WcsPlugInService - ok
03:18:06.0233 5612 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
03:18:06.0233 5612 Wd - ok
03:18:06.0264 5612 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
03:18:06.0280 5612 Wdf01000 - ok
03:18:06.0327 5612 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
03:18:06.0327 5612 WdiServiceHost - ok
03:18:06.0327 5612 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
03:18:06.0327 5612 WdiSystemHost - ok
03:18:06.0342 5612 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
03:18:06.0358 5612 WebClient - ok
03:18:06.0389 5612 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
03:18:06.0389 5612 Wecsvc - ok
03:18:06.0420 5612 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
03:18:06.0420 5612 wercplsupport - ok
03:18:06.0436 5612 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
03:18:06.0436 5612 WerSvc - ok
03:18:06.0483 5612 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
03:18:06.0498 5612 winachsf - ok
03:18:06.0498 5612 WinHttpAutoProxySvc - ok
03:18:06.0545 5612 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
03:18:06.0561 5612 Winmgmt - ok
03:18:06.0623 5612 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
03:18:06.0686 5612 WinRM - ok
03:18:06.0732 5612 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
03:18:06.0748 5612 Wlansvc - ok
03:18:06.0795 5612 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
03:18:06.0795 5612 WmiAcpi - ok
03:18:06.0842 5612 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
03:18:06.0857 5612 wmiApSrv - ok
03:18:06.0951 5612 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
03:18:06.0966 5612 WMPNetworkSvc - ok
03:18:06.0998 5612 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
03:18:06.0998 5612 WPCSvc - ok
03:18:07.0029 5612 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
03:18:07.0029 5612 WPDBusEnum - ok
03:18:07.0076 5612 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
03:18:07.0076 5612 WpdUsb - ok
03:18:07.0200 5612 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:18:07.0232 5612 WPFFontCache_v0400 - ok
03:18:07.0278 5612 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
03:18:07.0278 5612 ws2ifsl - ok
03:18:07.0310 5612 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
03:18:07.0310 5612 WSDPrintDevice - ok
03:18:07.0325 5612 WSearch - ok
03:18:07.0372 5612 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:18:07.0372 5612 WUDFRd - ok
03:18:07.0403 5612 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
03:18:07.0403 5612 wudfsvc - ok
03:18:07.0450 5612 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
03:18:07.0606 5612 \Device\Harddisk0\DR0 - ok
03:18:07.0606 5612 Boot (0x1200) (ae478317e188d4727e1bebcc3fa5c2e9) \Device\Harddisk0\DR0\Partition0
03:18:07.0606 5612 \Device\Harddisk0\DR0\Partition0 - ok
03:18:07.0606 5612 ============================================================
03:18:07.0606 5612 Scan finished
03:18:07.0606 5612 ============================================================
03:18:07.0637 4060 Detected object count: 0
03:18:07.0637 4060 Actual detected object count: 0
03:18:36.0293 0724 ============================================================
03:18:36.0293 0724 Scan started
03:18:36.0293 0724 Mode: Manual;
03:18:36.0293 0724
kkj1116 is offline  
Old 07-24-2012, 07:22 AM   #4
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thank you. :)

Download ComboFix from here


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 07-24-2012, 02:28 PM   #5
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



I downloaded and ran ComboFix, and it froze about 2/3 of the way through. I retried running it, and it gave me a prompt (I forgot what it said).

I tried restarting the computer but it went into Blue Screen mode.
It went into a cycle where the computer asked me if I wanted to go into Safe Mode.
Even going in Safe Mode crashed my computer (Blue Screen) so I had to boot from a Windows Vista Installation Disc and Repair.
The Repair prompted me for a System Restore and I clicked "Yes".
Should I try running Combo Fix again?

*Catchme.log was the only thing that was saved onto my desktop after installing ComboFix
* After System Restore, Microsoft Security Essentials is back. I had uninstalled it before because I tried to scan with it, and it went into a cycle of 1-minute restarts and rebooting.
* The restart cycle is back. It's going to reboot in 1 minute so I have to unplug the internet, uninstall Security Essentials, and reboot to stop the cycle.

File "C:\32788R22FWJFW\MT_services.exe.tmp" added successfully
kkj1116 is offline  
Old 07-24-2012, 05:55 PM   #6
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Before running ComboFix again, I'd like to see where we're at. Please run a scan with dds.scr and post the dds.txt.
Ried is offline  
Old 07-24-2012, 08:53 PM   #7
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 19:49:11 on 2012-07-24
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\antivirus\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20100303.cab
TCP: Interfaces\{69E577B8-C8A2-4441-A9EF-94B765D84D1D} : NameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? SkypeUpdate;Skype Updater
R? SwitchBoard;Adobe SwitchBoard
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? WSDPrintDevice;WSD Print Support via UMB
S? AdobeARMservice;Adobe Acrobat Update Service
S? AERTFilters;Andrea RT Filters Service
S? amacpi;Microsoft Away Mode System
S? FontCache;Windows Font Cache Service
S? VST_DPV;VST_DPV
S? VSTHWBS2;VSTHWBS2
.
=============== Created Last 30 ================
.
2012-07-24 19:33:57 -------- d-s---w- C:\ComboFix
2012-07-24 19:17:24 -------- d-sh--w- C:\found.004
2012-07-20 03:43:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-17 20:23:15 -------- d-----w- c:\users\administrator\appdata\local\Downloaded Installations
2012-07-11 18:27:31 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:07:17 -------- d-----w- c:\program files\WinSCP
2012-07-11 05:57:19 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 05:57:15 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:57:14 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 05:57:12 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 05:57:11 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 05:57:11 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-09 05:08:45 -------- d-----w- c:\program files\GOG.com
.
==================== Find3M ====================
.
2012-07-24 20:44:56 279552 ----a-w- c:\windows\system32\services.exe
2012-07-12 06:23:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 06:23:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-14 01:15:24 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-14 01:15:24 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 19:51:05.85 ===============
kkj1116 is offline  
Old 07-24-2012, 09:25 PM   #8
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



I'm going to have you run ComboFix again but before you do, I'd like for you to be prepared for 'Plan B' in case the same thing happens.

Download Farbar Recovery Scan Tool and save it to a flash drive. Don't use it yet, but keep it at hand.

==========================================

Double click ComboFix.exe and follow all prompts. Post the ComboFix.txt when it has completed.

==========================================

If you experience the same continued BSOD, plug the flash drive into the PC.

Boot from your Vista Install disc.

In the options menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Ried is offline  
Old 07-25-2012, 01:46 AM   #9
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



The same thing as before is happening again. I have attached a screenshot of the error message.

I am going to restart and follow the rest of the instructions now.

* Edit: The last time I tried to install ComboFix, it froze at the last message. Then I retried and got the same error on the screenshot. I restarted my computer and entered into the BSOD cycle.

This time when I tried installing, it froze at the same spot, but after waiting a bit it continued and gave me a message about how ComboFix was already installed and then gave me the message on the screenshot. I tried restarting my computer but nothing happens, it boots normally. No ComboFix log though.

Sorry for the trouble, but: Am I supposed to run a ComboFix program after I go through the installation? I thought the "installation" itself was the thing that would give me a log.
Attached thumbnail: cf.jpg
kkj1116 is offline  
Old 07-25-2012, 01:44 PM   #10
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You are correct, there is nothing to install. It runs from that .exe.

Delete the C:\ComboFix folder if it exists, then try running ComboFix in Safe Mode. If it still errors out, then proceed with FRST instructions.
Ried is offline  
Old 07-26-2012, 11:52 PM   #11
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 22:44:51
Running from E:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Administrator\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Default\...\Run: [ooVoo] C\ooVoo.exe /minimized [x]
HKU\Default User\...\Run: [ooVoo] C\ooVoo.exe /minimized [x]
Tcpip\..\Interfaces\{69E577B8-C8A2-4441-A9EF-94B765D84D1D}: [NameServer]192.168.2.1
================================ Services (Whitelisted) ==================
2 AERTFilters; C:\Windows\System32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-03] (Skype Technologies)
========================== Drivers (Whitelisted) =============
0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-18] (Microsoft Corporation)
3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-01-31] (Logitech Inc.)
3 NVNET; C:\Windows\System32\DRIVERS\nvmfdx32.sys [292712 2010-08-12] (NVIDIA Corporation)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-31] (Logitech Inc.)
3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [251904 2006-11-01] (Conexant Systems, Inc.)
3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [987648 2006-11-01] (Conexant Systems, Inc.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [x]
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [x]
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-07-26 22:44 - 2012-07-26 22:44 - 00000000 ____D C:\FRST
2012-07-26 21:23 - 2012-07-26 21:26 - 00000000 ____D C:\Windows\erdnt
2012-07-26 13:16 - 2012-07-26 13:16 - 00036918 ____A C:\Users\Administrator\Desktop\Tileset11.bmp
2012-07-24 23:41 - 2012-07-24 23:41 - 04584441 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2012-07-24 23:30 - 2012-07-24 23:30 - 00001037 ____A C:\Users\Administrator\Desktop\Crystal Map.lnk
2012-07-24 23:10 - 2011-08-20 12:46 - 00009270 ____A C:\Users\Administrator\Desktop\GoldTitle.bmp
2012-07-24 12:21 - 2012-07-24 12:21 - 00142872 ____A C:\Windows\Minidump\Mini072412-01.dmp
2012-07-24 11:27 - 2012-07-24 11:27 - 00000064 ____A C:\Users\Administrator\Desktop\catchme.log
2012-07-24 11:26 - 2012-07-26 21:27 - 00000000 ___SD C:\32788R22FWJFW
2012-07-24 11:26 - 2012-07-26 21:26 - 00000000 ____D C:\Qoobox
2012-07-24 11:17 - 2012-07-24 11:17 - 00000000 __SHD C:\found.004
2012-07-21 22:23 - 2012-07-21 22:23 - 00001022 ____A C:\Users\Administrator\Desktop\Gold Map.lnk
2012-07-21 19:20 - 2012-07-24 13:20 - 00000000 ____D C:\Users\Administrator\Desktop\antivirus
2012-07-21 16:48 - 2012-07-24 02:23 - 00000434 ____A C:\Users\Administrator\Desktop\connection.txt
2012-07-20 20:56 - 2012-07-24 12:21 - 133231122 ____A C:\Windows\MEMORY.DMP
2012-07-20 20:56 - 2012-07-20 20:56 - 00146360 ____A C:\Windows\Minidump\Mini072012-01.dmp
2012-07-20 11:21 - 2012-07-22 00:39 - 00000370 ____A C:\rkill.log
2012-07-20 00:45 - 2012-07-24 12:13 - 00012418 ____A C:\Windows\PFRO.log
2012-07-19 19:43 - 2012-07-19 19:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-18 10:06 - 2012-07-18 10:06 - 00000000 ____A C:\Windows\setuperr.log
2012-07-18 10:06 - 2012-07-18 10:06 - 00000000 ____A C:\Windows\setupact.log
2012-07-17 12:23 - 2012-07-17 12:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Downloaded Installations
2012-07-13 09:01 - 2012-07-13 09:16 - 00000463 ____A C:\Users\Administrator\Desktop\colleges.txt
2012-07-11 10:27 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 10:23 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 10:23 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 10:23 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 10:23 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 10:23 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 10:23 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 10:23 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 10:23 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 10:23 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 10:23 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 10:23 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 10:23 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 10:22 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 10:22 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 00:07 - 2012-07-11 00:07 - 00000000 ____D C:\Program Files\WinSCP
2012-07-10 22:27 - 2012-07-10 22:48 - 00000000 ____D C:\Users\Administrator\Downloads\Rise Against
2012-07-10 21:57 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 21:57 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 21:57 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 21:57 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 21:57 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 21:57 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 10:07 - 2012-07-26 21:15 - 03613320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-09 14:17 - 2012-07-25 20:12 - 00000990 ____A C:\Users\Administrator\Desktop\Mega Map.lnk
2012-07-09 13:26 - 2012-07-25 14:02 - 00055552 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-09 01:05 - 2012-07-09 01:05 - 00001186 ____A C:\Users\Administrator\Desktop\Wild Pokemon Editor.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001067 ____A C:\Users\Administrator\Desktop\AGIXP.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001066 ____A C:\Users\Administrator\Desktop\Tileset Editor.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001013 ____A C:\Users\Administrator\Desktop\Johto Map.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001008 ____A C:\Users\Administrator\Desktop\APoint.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001003 ____A C:\Users\Administrator\Desktop\Tile Layer Pro.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00000984 ____A C:\Users\Administrator\Desktop\Gold Finger.lnk
2012-07-08 21:09 - 2012-07-08 21:17 - 00002059 ____A C:\Users\Public\Desktop\Rayman.lnk
2012-07-08 21:08 - 2012-07-08 21:08 - 00000000 ____D C:\Program Files\GOG.com
2012-07-08 20:15 - 2012-07-24 13:20 - 00000000 ____D C:\Users\Administrator\Documents\Visual Boy Advance
2012-07-08 20:15 - 2012-07-24 13:20 - 00000000 ____D C:\Users\Administrator\Documents\TGB Dual
2012-07-08 19:44 - 2012-05-18 21:51 - 00000000 ____D C:\Users\Administrator\Documents\RGBDS
2012-07-08 19:44 - 2012-05-17 22:05 - 00000000 ____D C:\Users\Administrator\Documents\BGB
2012-07-03 23:15 - 2012-07-03 23:19 - 00000000 ____D C:\Users\Administrator\Documents\Rayman Backgrounds
2012-07-01 12:29 - 2012-07-20 11:58 - 00000000 ____D C:\Users\Administrator\Documents\AP Psych
============ 3 Months Modified Files ========================
2012-07-26 21:37 - 2006-11-02 05:01 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-26 21:37 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 21:37 - 2006-11-02 04:47 - 00003792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 21:37 - 2006-11-02 04:47 - 00003792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 21:19 - 2006-11-02 04:52 - 00841776 ____A C:\Windows\WindowsUpdate.log
2012-07-26 21:15 - 2012-07-10 10:07 - 03613320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-26 20:23 - 2012-04-03 19:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-26 15:23 - 2012-04-03 19:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-26 15:23 - 2011-08-18 19:24 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-26 13:16 - 2012-07-26 13:16 - 00036918 ____A C:\Users\Administrator\Desktop\Tileset11.bmp
2012-07-25 20:12 - 2012-07-09 14:17 - 00000990 ____A C:\Users\Administrator\Desktop\Mega Map.lnk
2012-07-25 14:02 - 2012-07-09 13:26 - 00055552 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-24 23:41 - 2012-07-24 23:41 - 04584441 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2012-07-24 23:39 - 2006-11-02 02:33 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-24 23:30 - 2012-07-24 23:30 - 00001037 ____A C:\Users\Administrator\Desktop\Crystal Map.lnk
2012-07-24 13:20 - 2006-11-02 02:22 - 36700160 ____A C:\Windows\System32\config\software_previous
2012-07-24 13:20 - 2006-11-02 02:22 - 17301504 ____A C:\Windows\System32\config\system_previous
2012-07-24 13:17 - 2006-11-02 02:22 - 43253760 ____A C:\Windows\System32\config\components_previous
2012-07-24 13:17 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-07-24 12:55 - 2011-08-19 03:07 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-24 12:21 - 2012-07-24 12:21 - 00142872 ____A C:\Windows\Minidump\Mini072412-01.dmp
2012-07-24 12:21 - 2012-07-20 20:56 - 133231122 ____A C:\Windows\MEMORY.DMP
2012-07-24 12:13 - 2012-07-20 00:45 - 00012418 ____A C:\Windows\PFRO.log
2012-07-24 12:07 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-07-24 12:07 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-07-24 11:27 - 2012-07-24 11:27 - 00000064 ____A C:\Users\Administrator\Desktop\catchme.log
2012-07-24 02:23 - 2012-07-21 16:48 - 00000434 ____A C:\Users\Administrator\Desktop\connection.txt
2012-07-23 02:30 - 2011-12-27 12:40 - 00000600 ____A C:\Users\Administrator\AppData\Roaming\winscp.rnd
2012-07-22 00:39 - 2012-07-20 11:21 - 00000370 ____A C:\rkill.log
2012-07-21 22:23 - 2012-07-21 22:23 - 00001022 ____A C:\Users\Administrator\Desktop\Gold Map.lnk
2012-07-20 20:56 - 2012-07-20 20:56 - 00146360 ____A C:\Windows\Minidump\Mini072012-01.dmp
2012-07-18 10:06 - 2012-07-18 10:06 - 00000000 ____A C:\Windows\setuperr.log
2012-07-18 10:06 - 2012-07-18 10:06 - 00000000 ____A C:\Windows\setupact.log
2012-07-13 09:16 - 2012-07-13 09:01 - 00000463 ____A C:\Users\Administrator\Desktop\colleges.txt
2012-07-11 10:24 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-09 01:05 - 2012-07-09 01:05 - 00001186 ____A C:\Users\Administrator\Desktop\Wild Pokemon Editor.lnk
2012-07-09 00:08 - 2011-11-20 13:43 - 00104088 ___AH C:\Windows\System32\mlfcache.dat
2012-07-08 23:13 - 2012-07-08 23:13 - 00001067 ____A C:\Users\Administrator\Desktop\AGIXP.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001066 ____A C:\Users\Administrator\Desktop\Tileset Editor.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001013 ____A C:\Users\Administrator\Desktop\Johto Map.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001008 ____A C:\Users\Administrator\Desktop\APoint.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00001003 ____A C:\Users\Administrator\Desktop\Tile Layer Pro.lnk
2012-07-08 23:13 - 2012-07-08 23:13 - 00000984 ____A C:\Users\Administrator\Desktop\Gold Finger.lnk
2012-07-08 21:17 - 2012-07-08 21:09 - 00002059 ____A C:\Users\Public\Desktop\Rayman.lnk
2012-07-03 23:22 - 2011-08-18 17:43 - 00178688 ____A C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-03 12:46 - 2012-05-05 11:23 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-22 01:31 - 2012-06-22 01:30 - 00000132 ____A C:\Users\Administrator\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-06-13 05:40 - 2012-07-11 10:27 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 11:38 - 2011-08-19 02:47 - 00001119 ___AH C:\IPH.PH
2012-06-09 11:19 - 2012-06-09 11:19 - 00000921 ____A C:\Users\Administrator\Desktop\The Frozen Throne.lnk
2012-06-08 09:47 - 2012-07-10 21:57 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-07 14:40 - 2012-06-07 14:39 - 00000132 ____A C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-06-05 08:47 - 2012-07-10 21:57 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-10 21:57 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-10 21:57 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-21 00:59 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 00:59 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 00:59 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 00:58 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 00:58 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 00:57 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 00:59 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 00:58 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 00:57 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 10:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 10:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 10:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 10:23 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 10:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 10:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 10:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 10:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 10:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 10:23 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 10:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 10:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 10:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 10:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-10 21:57 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-10 21:57 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-22 17:08 - 2012-05-22 15:34 - 00000132 ____A C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-05-14 20:06 - 2012-05-14 20:06 - 00000514 ____A C:\Users\Administrator\Desktop\Fraps.lnk
2012-05-13 17:15 - 2012-05-13 17:15 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-13 17:15 - 2012-05-13 17:15 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-13 17:15 - 2012-05-13 17:15 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-13 17:15 - 2012-05-13 17:15 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-13 17:15 - 2011-08-19 15:00 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-01 06:03 - 2012-06-12 13:30 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

ZeroAccess:
C:\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}
C:\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\L
C:\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U
ZeroAccess:
C:\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}
C:\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\L
C:\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 36%
Total physical RAM: 957.88 MB
Available physical RAM: 610.89 MB
Total Pagefile: 803.26 MB
Available Pagefile: 658.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:288.04 GB) (Free:141.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (VISTA_32_PREMIUM) (CDROM) (Total:2.84 GB) (Free:0 GB) CDFS
3 Drive e: (BEN) (Removable) (Total:7.43 GB) (Free:6.87 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 10 GB
Disk 1 Online 7632 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 288 GB 10 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 47 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 288 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7629 MB 3180 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E BEN FAT32 Removable 7629 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-26 12:35
======================= End Of Log ==========================
kkj1116 is offline  
Old 07-27-2012, 08:11 AM   #12
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. Before we proceed with the fix, navigate to this file:

C:\Windows\Minidump\Mini072412-01.dmp

Right click the file and select Send To>Compressed (zipped) folder. It should prompt you to save it to the desktop.
  • Please visit this site --> Submit Malware Sample

  • In the Link to topic where this file was requested area, copy and paste this link --> http://www.techsupportforum.com/forums/f50/redirect-virus-is-worse-than-i-had-thought-656553.html

  • Click on the Browse button and browse to where the Mini072412-01.zip folder is located. Double click so the path shows up in the File Name box.

  • Then click Send File

  • Once it shows:
    Quote:
    Your file was successfully submitted. Please let the user helping you know that you have submitted the file.
  • Close the site and let me know when you've finished that upload.

====================================

Next, it is likely that you'll lose internet after we pull out the ZAccess folders. In anticipation of that, please download the following tools and save them to your flash drive in case we need them:

MiniToolBox
Farbar Service Scanner

====================================

Now, on to the fix.

Open notepad. Please copy the contents inside the quote box below into Notepad.

Quote:
C:\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}
C:\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}
C:\Windows\assembly\GAC\Desktop.ini
Save this as fixlist.txt and save it to the same flash drive where FRST.exe is located.


Same as you did before, boot into Repair your computer > Command Prompt.

At the prompt, type in the following and press Enter to launch FRST.exe

e:\frst.exe

When the tool opens, click the Fix button just once, and wait.

When it has completed, exit the Command prompt and restart the computer.

The tool will have made a log on your flash drive named Fix.txt. Post that log in your next reply.

===================================

If after the fix you find that you have no internet, please run the tools you downloaded earlier:

Double click FSS.exe (Farbar's Service Scanner) to open it.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

=================================

Double click MiniToolBox.exe to launch that tool. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
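The fixlist in the post above lists only the top-level items from the "ZeroAccess:" section of the FRST log, because moving a parent folder takes its L and U subfolders with it. As an added example (not part of the thread and not FRST's own code), this sketch derives that list from the log text; the function names and the MIN_PARTS guard are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the end of the file list and the ZeroAccess section,
# copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
2012-05-01 06:03 - 2012-06-12 13:30 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

ZeroAccess:
C:\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}
C:\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\L
C:\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U
ZeroAccess:
C:\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}
C:\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\L
C:\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
========================= Known DLLs (Whitelisted) ============
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
GUID_NAME_RE = re.compile(
    r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE
)

# Assumption of this example: a fixlist entry must have a drive plus at
# least three components, so a parsing slip can never list C:\Windows itself.
MIN_PARTS = 4


def zeroaccess_paths(log_text):
    """Return every path listed under a 'ZeroAccess:' marker, in log order."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_section = True
        elif in_section and PATH_RE.match(line):
            paths.append(line)
        else:
            # Any other line (section header, blank line) ends the block.
            in_section = False
    return paths


def fixlist_roots(paths):
    """Drop entries whose parent folder is also listed; keep log order."""
    unique = list(dict.fromkeys(paths))
    parsed = [PureWindowsPath(p) for p in unique]
    roots = [
        p for p, pw in zip(unique, parsed)
        if not any(other in pw.parents for other in parsed)
    ]
    for root in roots:
        if len(PureWindowsPath(root).parts) < MIN_PARTS:
            raise ValueError(f"refusing overly broad fixlist entry: {root}")
    return roots


def guid_named(path):
    """True when the last component is a {GUID}-style name, as in this log."""
    return bool(GUID_NAME_RE.match(PureWindowsPath(path).name))


if __name__ == "__main__":
    for entry in fixlist_roots(zeroaccess_paths(SAMPLE_LOG)):
        print(entry)
```
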
Old 07-27-2012, 04:29 PM   #13
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



I have uploaded the file. The .zip folder did not ask me to save to the desktop, it saved to the path I navigated to. But I moved the zip folder to the desktop. I'm thinking this is not a huge deal.

I am going to try the fix now.

Thank you again for the help. I appreciate it very much.
kkj1116 is offline  
Old 07-27-2012, 04:43 PM   #14
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



FRST created a file named "fixlog.txt" instead of "fix.txt" but I think it is the same. My internet worked after the restart so here is the result of that log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-27 15:38:44 Run:1
Running from E:\
==============================================
C:\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5} moved successfully.
C:\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
==== End of Fixlog ====
kkj1116 is offline  
Old 07-27-2012, 06:27 PM   #15
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Excellent, and thanks for the upload.

Now try again to run ComboFix. Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts. If it alerts you that an update is available, please allow it to update.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Ried is offline  
Old 07-28-2012, 11:04 PM   #16
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



ComboFix 12-07-27.03 - Administrator 07/28/2012 21:37:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.402 [GMT -7:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\@
c:\users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\n
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\@
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\L\[email protected]
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\L\1afb2d56
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\L\201d3dde
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\n
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected]
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected]
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected]
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected]
c:\windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected]
.
c:\windows\system32\services.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 04:46 . 2012-07-29 04:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-29 04:46 . 2012-07-29 04:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 06:44 . 2012-07-27 06:44 -------- d-----w- C:\FRST
2012-07-24 19:17 . 2012-07-24 19:17 -------- d-----w- C:\found.004
2012-07-20 03:43 . 2012-07-20 03:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-17 20:23 . 2012-07-17 20:23 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2012-07-11 18:27 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:07 . 2012-07-11 08:07 -------- d-----w- c:\program files\WinSCP
2012-07-11 05:57 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 05:57 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:57 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 05:57 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 05:57 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 05:57 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-09 05:08 . 2012-07-09 05:08 -------- d-----w- c:\program files\GOG.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 23:23 . 2012-04-04 03:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 23:23 . 2011-08-19 03:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-05-05 19:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 08:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 08:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 08:59 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 08:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 08:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 08:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 08:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 08:57 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 08:58 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-14 01:15 . 2012-05-14 01:15 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-14 01:15 . 2011-08-19 23:00 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 14:03 . 2012-06-12 21:30 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{69E577B8-C8A2-4441-A9EF-94B765D84D1D}: NameServer = 192.168.2.1
DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20100303.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-28 21:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="avifile"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Paint.Picture"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.mp3"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rbc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Rubikon.script"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AMXX_Studio.exe"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-1470426689-753794680-3828612783-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4028)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-07-28 21:57:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 04:56
.
Pre-Run: 150,661,206,016 bytes free
Post-Run: 150,935,355,392 bytes free
.
- - End Of File - - 533FCE89D44E3F24C85A8481299149AD
kkj1116 is offline  
Old 07-28-2012, 11:14 PM   #17
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Much better.

It's important to run an online scan to search for any remnants that may be lurking. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked

  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

How is the machine behaving now?
Ried is offline  
Old 07-30-2012, 02:29 PM   #18
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



It is much better, no more redirects and popups.
Still some lag spikes but they seem to be normal.
I ran the scan and there are still viruses on my machine, however.

C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected] Win32/Conedex.D trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected] Win32/Conedex.E trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected] a variant of Win32/Sirefef.FA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\U\[email protected] a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win32/Sirefef.FB.Gen trojan
kkj1116 is offline  
Old 07-30-2012, 03:10 PM   #19
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Glad to hear the machine is behaving as expected.

Those findings by Eset are backups that were made during the course of this fix. This last clean up step will take care of clearing those out.

Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.


On your keyboard, press the Windows Logo key and the letter R to bring up the Run command box. Copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - https://www.windowsupdate.com
    Ensure Windows Update is enabled. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, and revisit the site until there are no more critical updates.
  • WOT (Web of Trust): As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.

  • Scan here Free Online Computer Scan - Online Software Inspector (OSI) - Secunia for out of date & vulnerable common applications on your computer

  • BACKING UP YOUR REGISTRY
    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

    Vista/Windows 7 users - see this link for proper setup of Erunt Automatically Backup your Windows Vista Registry daily using ERUNT - The Winhelponline Blog

**Kindly respond one more time and let me know if we may consider this thread resolved.
Ried is offline  
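The ESET findings discussed in the two posts above all sit under C:\Qoobox\Quarantine with a .vir suffix, which is why they are backups rather than live infections. As an added example (not part of the thread and not ESET's or ComboFix's own code), this sketch splits a pasted findings list into quarantined copies and live detections and recovers each quarantined file's original location; the function names are the example's own, and the last sample line is constructed.

```python
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")

# The first three lines come from the ESET export posted in this thread.
# The last line is constructed (placeholder path and detection name) to show
# what a finding outside the quarantine folder looks like.
SAMPLE_FINDINGS = r"""
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edbefd47-958e-c3b7-7408-150d4b8bebe5}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win32/Sirefef.FB.Gen trojan
C:\Users\Administrator\Downloads\constructed_sample.exe Win32/Placeholder.A trojan
"""

# "<path> <detection name> <type>", as the findings are pasted in the thread.
# The path is matched lazily so that paths containing spaces still parse.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:a variant of\s+)?\w+/\S+)\s+(?P<kind>\w+)$"
)


def original_path(path):
    """Map a quarantined copy back to where it lived, or None if the path
    is not under the quarantine folder.

    Layout seen in the thread: <root>\\<drive letter>\\<rest of path>.vir
    """
    try:
        rel = PureWindowsPath(path).relative_to(QUARANTINE_ROOT)
    except ValueError:
        return None
    parts = list(rel.parts)
    if len(parts) < 2 or len(parts[0]) != 1:
        return None
    if parts[-1].lower().endswith(".vir"):
        parts[-1] = parts[-1][:-4]
    return str(PureWindowsPath(parts[0] + ":\\", *parts[1:]))


def triage(text):
    """Parse pasted findings into records with a quarantined flag."""
    results = []
    for line in text.splitlines():
        match = FINDING_RE.match(line.strip())
        if not match:
            continue
        orig = original_path(match["path"])
        results.append({
            "path": match["path"],
            "detection": match["name"],
            "quarantined": orig is not None,
            "original": orig,
        })
    return results


def live_findings(text):
    """Findings outside quarantine: these still need attention."""
    return [r for r in triage(text) if not r["quarantined"]]


if __name__ == "__main__":
    for rec in triage(SAMPLE_FINDINGS):
        state = "quarantined copy" if rec["quarantined"] else "LIVE"
        print(f"{state:17} {rec['detection']:22} {rec['original'] or rec['path']}")
```

A quarantined copy only records where an infected file used to be; whether the file now at that original path is clean is a separate check.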
Old 07-31-2012, 12:37 AM   #20
Registered Member
 
Join Date: Dec 2010
Posts: 71
OS:



Thanks so much Ried. I am glad that the world has people like you - true altruism!

I copied and pasted the command into Run. It tells me that Windows cannot find "ComboFix".

I reinstalled Microsoft Security Essentials and found the backups. May I delete them?
kkj1116 is offline  
 
