Solved PC starts only in SAFE mode after a Facebook/Youtube viruse removal

Status
Not open for further replies.
I

InfectedTony

Posts: 9   +0
Hi!

My girlfriend got a FaceBook message, containing a link for a YouTube video. She couldn't open it, it was a fake youtube site which required the update of a fake flash player, which was the virus. So she infected her laptop, after that i tried to open the link on my PC (she send it through email so i didn't see the message) and then i also got infected, argh stupid me :) After that my PC shut down and we scanned both PC's with Malwarebytes and SuperAntispyware. Her laptop is now ok, but my PC is now starting only in safe mode. I saw this thread https://www.techspot.com/vb/topic158377-2.html, where someone had a similar problem.
Should i follow the steps you advised there?
I am really worried that my passwords were stolen and that i still might have some viruses on PC which SAS and MLWB couldn't detect. Now i'm wondering if i should just do a clean reinstall of windows 7 64bit (alot of work, because of a time consuming program to install - HoldemManager (a poker tracking software) - copying all the handhistory files takes a long time) or can i be sure that i have every nasty stuff removed?

Please help me out,
Thank You
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Safe Mode will be fine for now.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hey ;)

Before i found the pasted thread and so this forum through google search i already tried a few stuff myself, like scanning with SAS and MBAM. I also tried a system restore which now i see i shouldn't have done. It didn't restore to the last windows update (20.8.), it stayed like it is.
I use a TP-link wireless usb on this PC. Which now doesn't work, so i tried with the cable but again i can't acces the net (sound also doesn't work). Then i transfered Avira antivirus installer to the pc through usb, the front ports don't work but the back ones do. When i doubleclick on Remove Disk i get "Application not found" message, but opening in new window works. Scanning found 4 viruses which are now removed. I'm not sure if the virus database is updated when you first install the program (i downloaded the program today).

Here is the log for MBAM scan (updated database, scanned before PC went to safe mode; i probably ran SAS at the same time, which i usually did):

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7537

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

22.8.2011 20:36:57
mbam-log-2011-08-22 (20-36-57).txt

Scan type: Quick scan
Objects scanned: 187720
Time elapsed: 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1953528.exe (Trojan.Agent) -> Value: 1953528.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Temp\8995773.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\96896686.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Vatachie\downloads\flash-player(1).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Vatachie\downloads\flash-player(2).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Vatachie\downloads\flash-player(3).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Vatachie\downloads\flash-player(4).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Vatachie\downloads\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\1843030.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1909658.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1953528.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5942115.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\196863613.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

GMER appeared to scan just for a second after the program launched and after i saved the file it was empty. So i relaunched the program and clicked scan. Scan was only possible for services, registry, files, ADS. Other checkboxes were greyed out so i couldn't select them (automatic scan at startup worked for the another laptop with all the options checked). After the scan i got the message that GMER hasn't found any system modification.

DDS.txt:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Vatachie at 4:55:06 on 2011-08-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.386.1060.18.6142.3426 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\osk.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.si/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_0.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID – Pomoč pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_0.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Google Update] "C:\Users\Vatachie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoTrusted] C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.0.5\GoTrusted Secure Tunnel.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [osk.exe] osk.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4B53E68D-7B6F-47CE-A02E-DE68A44E28E5} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: ?.?.????5-?0?/?/????/0?/?-?/???8oth C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID - Pomoź pri vpisu: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_0.dll
BHO-X64: BS Player - No File
TB-X64: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_0.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce-x64: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
AppInit_DLLs-X64: ?.?.????5-?0?/?/????/0?/?-?/???8oth C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vatachie\AppData\Roaming\Mozilla\Firefox\Profiles\egu9fne3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Vatachie\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 140672]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-8-23 136360]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-8-23 269480]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-5 136176]
S2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-3-23 65536]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-8-14 30192]
S3 gttap1;GoTrusted-x64 Adapter;C:\Windows\system32\DRIVERS\gttap1.sys --> C:\Windows\system32\DRIVERS\gttap1.sys [?]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-5 136176]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-5 2280312]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2011-08-23 01:37:28 -------- d-----w- C:\Users\Vatachie\AppData\Roaming\Avira
2011-08-23 01:37:04 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-08-23 01:37:04 -------- d-----w- C:\ProgramData\Avira
2011-08-23 01:37:04 -------- d-----w- C:\Program Files (x86)\Avira
2011-08-22 19:44:47 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23AA05E0-D103-45DE-98DB-516EC11E9B2A}\mpengine.dll
2011-08-22 18:13:57 -------- d--h--w- C:\Windows\update.tray-15-0
2011-08-22 18:03:45 -------- d--h--w- C:\Windows\update.2
2011-08-22 18:01:58 -------- d--h--w- C:\Windows\update.5.0
2011-08-22 17:57:19 -------- d--h--w- C:\Windows\update.1
2011-08-17 02:27:08 -------- d-----w- C:\Users\Vatachie\AppData\Roaming\SUPERAntiSpyware.com
2011-08-17 02:26:54 -------- d-----w- C:\ProgramData\!SASCORE
2011-08-14 00:02:09 119808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\GoogleDesktopMozilla.dll
2011-08-13 22:31:05 -------- d-----w- C:\ProgramData\Win7codecs
2011-08-01 17:45:24 1269248 ----a-w- C:\Windows\SysWow64\VSFilter.dll
2011-07-30 09:57:46 3999744 ----a-w- C:\Windows\SysWow64\x264vfw.dll
.
==================== Find3M ====================
.
2011-08-12 14:00:44 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-01 17:49:04 1555456 ----a-w- C:\Windows\System32\VSFilter.dll
2011-07-30 09:57:48 3835904 ----a-w- C:\Windows\System32\x264vfw.dll
2011-07-23 17:06:14 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-07-23 17:05:46 176640 ----a-w- C:\Windows\System32\ac3acm.acm
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 17:56:50 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-03 20:48:48 144896 ----a-w- C:\Windows\System32\lagarith.dll
2011-07-03 20:48:42 147456 ----a-w- C:\Windows\SysWow64\lagarith.dll
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-17 07:36:08 87040 ----a-w- C:\Windows\System32\xvid.ax
2011-06-17 07:34:42 73728 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-06-17 07:27:42 258560 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-06-17 07:26:10 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-06-17 07:20:04 703488 ----a-w- C:\Windows\System32\xvidcore.dll
2011-06-17 07:17:28 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-05-29 07:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 4:55:14,92 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 22.3.2011 17:19:07
System Uptime: 23.8.2011 3:15:10 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | Socket 1366 | 2833/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 119 GiB total, 16,637 GiB free.
D: is FIXED (NTFS) - 1397 GiB total, 287,465 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
L: - No root directory. Drive type could not be determined.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP43: 20.8.2011 2:42:29 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
ASIO4ALL
ATI Catalyst Registration
µTorrent
Avira AntiVir Personal - Free Antivirus
Bing Bar
Bing Bar Platform
BS Player Toolbar
BS.Player FREE
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Conduit Engine
D3DX10
DisplayFusion 3.1.6
Download Updater (AOL LLC)
Drift City
FL Studio 10
Free Alpha 3
Gigabyte Raid Cinfigurer
Google Chrome
Google Desktop
Google Update Helper
Google Zemlja
HydraVision
IL Download Manager
ImgBurn
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Junk Mail filter update
KeyTweak - Keyboard Remapper (remove only)
Logitech SetPoint
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.0.1200
Mesh Runtime
Messenger Companion
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 6.0 (x86 sl)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
Nero 8
neroxml
Notepad++
ON_OFF Charge B10.0301.1
OpenAL
OpenOffice.org 3.3
OpenVPN Tap Adapter 9.0
OverPlay VPN
Poker Calculator Pro
PokerStars
PokerStove version 1.23
PostgreSQL 8.4
PowerISO
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Reason 5.0
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
SitNGo Wizard
Skype Toolbars
Skype™ 5.3
Smart Buddy
Stamina 2.5
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Sublight 2.7.1
TableNinja
TeamViewer 6
The KMPlayer (remove only)
TmNationsForever
Tournament Shark
TP-LINK Wireless Client Utility
Turbo Sliders (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update Manager B09.1008.1
uTorrentBar Toolbar
VLC media player 1.1.10
Win7codecs
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Winner Poker
.
==== Event Viewer Messages From Past Week ========
.
23.8.2011 4:54:11, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
23.8.2011 3:26:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
23.8.2011 3:20:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
23.8.2011 3:17:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
23.8.2011 3:17:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
23.8.2011 3:15:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
23.8.2011 3:15:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23.8.2011 3:15:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23.8.2011 3:15:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The DNS Client service depends on the Gonilnik za podporo NetIO za podedovani TDI service which failed to start because of the following error: A device attached to the system is not functioning.
23.8.2011 3:15:21, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
22.8.2011 20:15:08, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
22.8.2011 19:57:48, Error: Service Control Manager [7034] - The srvsysdriver32 service terminated unexpectedly. It has done this 1 time(s).
22.8.2011 1:04:59, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.
17.8.2011 4:26:42, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
17.8.2011 19:28:28, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
After doubleclicking aswMBR i got this message at startup:
"This application can use the Avst! Free Antivirus for scanning.
It is recommended to download it for better detection results.
Would you like to download latest Avast! virus definitions?"

I clicked No, because internet is not working, i hope that's OK?

anwMBR:

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-23 12:39:27
-----------------------------
12:39:27.791 OS Version: Windows x64 6.1.7601 Service Pack 1
12:39:27.791 Number of processors: 8 586 0x1A05
12:39:27.791 ComputerName: VENTILATORRR UserName: Vatachie
12:39:28.118 Initialize success
12:44:59.712 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:44:59.712 Disk 0 Vendor: WDC_WD15 80.0 Size: 1430799MB BusType: 3
12:44:59.712 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:44:59.728 Disk 1 Vendor: KINGSTON D100 Size: 122104MB BusType: 3
12:44:59.728 Disk 1 MBR read successfully
12:44:59.728 Disk 1 MBR scan
12:44:59.728 Disk 1 Windows 7 default MBR code
12:44:59.728 Service scanning
12:45:00.602 Modules scanning
12:45:00.602 Disk 1 trace - called modules:
12:45:00.617 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:45:00.633 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006302060]
12:45:00.664 3 CLASSPNP.SYS[fffff88001bba43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8005ccf050]
12:45:00.695 Scan finished successfully
12:45:45.514 Disk 1 MBR has been saved successfully to "C:\Users\Vatachie\Desktop\MBR.dat"
12:45:45.514 The log file has been saved successfully to "C:\Users\Vatachie\Desktop\aswMBR.txt"


ComboFix:

ComboFix 11-08-23.01 - Vatachie 23.08.2011 12:49:06.1.8 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.386.1060.18.6142.5422 [GMT 2:00]
Running from: c:\users\Vatachie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-23 10:51 . 2011-08-23 10:51 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-08-23 10:51 . 2011-08-23 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-23 01:37 . 2011-08-23 01:37 -------- d-----w- c:\users\Vatachie\AppData\Roaming\Avira
2011-08-23 01:37 . 2011-07-20 09:30 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-23 01:37 . 2011-08-23 01:37 -------- d-----w- c:\programdata\Avira
2011-08-23 01:37 . 2011-08-23 01:37 -------- d-----w- c:\program files (x86)\Avira
2011-08-23 01:37 . 2011-07-20 09:30 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-22 19:44 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23AA05E0-D103-45DE-98DB-516EC11E9B2A}\mpengine.dll
2011-08-22 18:13 . 2011-08-22 18:27 -------- d--h--w- c:\windows\update.tray-15-0
2011-08-17 02:27 . 2011-08-22 19:35 -------- d-----w- c:\users\Vatachie\AppData\Roaming\SUPERAntiSpyware.com
2011-08-17 02:26 . 2011-08-22 19:40 -------- d-----w- c:\programdata\!SASCORE
2011-08-14 00:02 . 2011-08-14 00:02 119808 ----a-w- c:\program files (x86)\Mozilla Firefox\components\GoogleDesktopMozilla.dll
2011-08-13 22:31 . 2011-08-22 19:41 -------- d-----w- c:\programdata\Win7codecs
2011-08-01 17:45 . 2011-08-01 17:45 1269248 ----a-w- c:\windows\SysWow64\VSFilter.dll
2011-07-30 09:57 . 2011-07-30 09:57 3999744 ----a-w- c:\windows\SysWow64\x264vfw.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 14:00 . 2011-05-14 07:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 17:06 . 2011-07-23 17:06 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-07-21 00:14 . 2011-07-21 00:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-07-21 00:14 . 2011-07-21 00:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-07-21 00:14 . 2011-07-21 00:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-07-21 00:14 . 2011-07-21 00:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-07-21 00:14 . 2011-07-21 00:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-07-21 00:14 . 2011-07-21 00:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-07-21 00:14 . 2011-07-21 00:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-07-21 00:14 . 2011-07-21 00:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-07-21 00:14 . 2011-07-21 00:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-07-21 00:14 . 2011-07-21 00:14 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-07-21 00:14 . 2011-07-21 00:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-07-21 00:14 . 2011-07-21 00:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-07-21 00:14 . 2011-07-21 00:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-07-21 00:14 . 2011-07-21 00:14 448512 ----a-w- c:\windows\system32\html.iec
2011-07-21 00:14 . 2011-07-21 00:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-07-21 00:14 . 2011-07-21 00:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-07-21 00:14 . 2011-07-21 00:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-07-21 00:14 . 2011-07-21 00:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-21 00:14 . 2011-07-21 00:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-07-21 00:14 . 2011-07-21 00:14 222208 ----a-w- c:\windows\system32\msls31.dll
2011-07-21 00:14 . 2011-07-21 00:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-21 00:14 . 2011-07-21 00:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-07-21 00:14 . 2011-07-21 00:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-07-21 00:14 . 2011-07-21 00:14 160256 ----a-w- c:\windows\system32\wextract.exe
2011-07-21 00:14 . 2011-07-21 00:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-07-21 00:14 . 2011-07-21 00:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-07-21 00:14 . 2011-07-21 00:14 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-21 00:14 . 2011-07-21 00:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-07-21 00:14 . 2011-07-21 00:14 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-07-21 00:14 . 2011-07-21 00:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-07-21 00:14 . 2011-07-21 00:14 12288 ----a-w- c:\windows\system32\mshta.exe
2011-07-21 00:14 . 2011-07-21 00:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-07-21 00:14 . 2011-07-21 00:14 114176 ----a-w- c:\windows\system32\admparse.dll
2011-07-21 00:14 . 2011-07-21 00:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-21 00:14 . 2011-07-21 00:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-07-21 00:14 . 2011-07-21 00:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-07-16 04:26 . 2011-08-11 09:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 17:56 . 2011-07-12 17:56 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-07-04 11:43 . 2011-07-20 23:44 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-03 20:48 . 2011-07-03 20:48 147456 ----a-w- c:\windows\SysWow64\lagarith.dll
2011-06-17 07:34 . 2011-06-17 07:34 73728 ----a-w- c:\windows\SysWow64\xvid.ax
2011-06-17 07:26 . 2011-06-17 07:26 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-06-17 07:17 . 2011-06-17 07:17 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-06-11 03:07 . 2011-07-20 23:50 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-29 07:11 . 2011-03-23 12:54 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-03-23 12:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-17 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"R577SO"="c:\program files (x86)\GIGABYTE\R577SO\R577SO.exe" [2010-04-08 192512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-08-14 30192]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-23 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\DriftCity\GameGuard\dump_wmimmc.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-08-14 30192]
R3 gttap1;GoTrusted-x64 Adapter;c:\windows\system32\DRIVERS\gttap1.sys [x]
R3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-17 140672]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 10:14]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 10:14]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3355019367-3897208917-2597756600-1000Core.job
- c:\users\Vatachie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 22:20]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3355019367-3897208917-2597756600-1000UA.job
- c:\users\Vatachie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-02 22:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9996320]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.si/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vatachie\AppData\Roaming\Mozilla\Firefox\Profiles\egu9fne3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-GoTrusted - c:\program files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.0.5\GoTrusted Secure Tunnel.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3355019367-3897208917-2597756600-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3355019367-3897208917-2597756600-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-23 12:53:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-23 10:53
.
Pre-Run: 17.735.049.216 bytes free
Post-Run: 21.791.088.640 bytes free
.
- - End Of File - - E7D9BBC86A6C86C0954FBE8D38636FFB


Aftre the ComboFix san, PC restarted still in Safe Mode with everything same as before.
 
I don't really see much there.

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
It found no infection.

2011/08/24 02:54:22.0734 1676 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 02:54:22.0765 1676 ================================================================================
2011/08/24 02:54:22.0765 1676 SystemInfo:
2011/08/24 02:54:22.0765 1676
2011/08/24 02:54:22.0765 1676 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/24 02:54:22.0765 1676 Product type: Workstation
2011/08/24 02:54:22.0765 1676 ComputerName: VENTILATORRR
2011/08/24 02:54:22.0765 1676 UserName: Vatachie
2011/08/24 02:54:22.0765 1676 Windows directory: C:\Windows
2011/08/24 02:54:22.0765 1676 System windows directory: C:\Windows
2011/08/24 02:54:22.0765 1676 Running under WOW64
2011/08/24 02:54:22.0765 1676 Processor architecture: Intel x64
2011/08/24 02:54:22.0765 1676 Number of processors: 8
2011/08/24 02:54:22.0765 1676 Page size: 0x1000
2011/08/24 02:54:22.0765 1676 Boot type: Safe boot
2011/08/24 02:54:22.0765 1676 ================================================================================
2011/08/24 02:54:23.0186 1676 Initialize success
2011/08/24 02:54:27.0320 1708 ================================================================================
2011/08/24 02:54:27.0320 1708 Scan started
2011/08/24 02:54:27.0320 1708 Mode: Manual;
2011/08/24 02:54:27.0320 1708 ================================================================================
2011/08/24 02:54:27.0398 1708 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/24 02:54:27.0601 1708 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/24 02:54:27.0632 1708 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/24 02:54:27.0679 1708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/24 02:54:27.0726 1708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/24 02:54:27.0757 1708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/24 02:54:27.0835 1708 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/24 02:54:27.0866 1708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/24 02:54:27.0913 1708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/24 02:54:27.0960 1708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/24 02:54:28.0006 1708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/24 02:54:28.0116 1708 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/24 02:54:28.0209 1708 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/24 02:54:28.0256 1708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/24 02:54:28.0303 1708 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/24 02:54:28.0334 1708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/24 02:54:28.0381 1708 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/24 02:54:28.0412 1708 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/24 02:54:28.0443 1708 AppleCharger (ec36746e224a3431463ef8124ebf2fec) C:\Windows\system32\DRIVERS\AppleCharger.sys
2011/08/24 02:54:28.0474 1708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/24 02:54:28.0490 1708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/24 02:54:28.0506 1708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/24 02:54:28.0521 1708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/24 02:54:28.0568 1708 athur (36322190763845975e0d001e90687bf2) C:\Windows\system32\DRIVERS\athurx.sys
2011/08/24 02:54:28.0599 1708 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/08/24 02:54:28.0615 1708 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/24 02:54:28.0646 1708 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/24 02:54:28.0662 1708 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/24 02:54:28.0708 1708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/24 02:54:28.0724 1708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/24 02:54:28.0755 1708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/24 02:54:28.0786 1708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/24 02:54:28.0802 1708 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/24 02:54:28.0818 1708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/24 02:54:28.0849 1708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/24 02:54:28.0864 1708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/24 02:54:28.0880 1708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/24 02:54:28.0896 1708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/24 02:54:28.0927 1708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/24 02:54:28.0942 1708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/24 02:54:28.0974 1708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/24 02:54:28.0989 1708 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/24 02:54:29.0036 1708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/24 02:54:29.0052 1708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/24 02:54:29.0098 1708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/24 02:54:29.0114 1708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/24 02:54:29.0145 1708 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/24 02:54:29.0161 1708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/24 02:54:29.0176 1708 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/24 02:54:29.0208 1708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/24 02:54:29.0239 1708 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/08/24 02:54:29.0286 1708 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/24 02:54:29.0301 1708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/24 02:54:29.0317 1708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/24 02:54:29.0348 1708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/24 02:54:29.0395 1708 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/24 02:54:29.0442 1708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/24 02:54:29.0520 1708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/24 02:54:29.0535 1708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/24 02:54:29.0582 1708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/24 02:54:29.0598 1708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/24 02:54:29.0613 1708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/24 02:54:29.0644 1708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/24 02:54:29.0660 1708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/24 02:54:29.0676 1708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/24 02:54:29.0722 1708 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/24 02:54:29.0738 1708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/24 02:54:29.0754 1708 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/08/24 02:54:29.0785 1708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/24 02:54:29.0800 1708 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/24 02:54:29.0832 1708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/24 02:54:29.0863 1708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/24 02:54:29.0894 1708 gttap1 (2efbcc1790c80af3d51501ed01ab2501) C:\Windows\system32\DRIVERS\gttap1.sys
2011/08/24 02:54:29.0925 1708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/24 02:54:29.0956 1708 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/24 02:54:29.0972 1708 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/24 02:54:29.0988 1708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/24 02:54:30.0019 1708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/24 02:54:30.0034 1708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/24 02:54:30.0050 1708 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/24 02:54:30.0081 1708 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/24 02:54:30.0112 1708 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/24 02:54:30.0144 1708 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/24 02:54:30.0159 1708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/24 02:54:30.0175 1708 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/24 02:54:30.0206 1708 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/24 02:54:30.0222 1708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/24 02:54:30.0284 1708 IntcAzAudAddService (3edd3ce185da3e6aaec22adcfd7b1d54) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/24 02:54:30.0315 1708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/24 02:54:30.0346 1708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/24 02:54:30.0362 1708 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/24 02:54:30.0378 1708 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/24 02:54:30.0409 1708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/24 02:54:30.0424 1708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/24 02:54:30.0456 1708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/24 02:54:30.0471 1708 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/24 02:54:30.0502 1708 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
2011/08/24 02:54:30.0534 1708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/24 02:54:30.0549 1708 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/24 02:54:30.0565 1708 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/24 02:54:30.0596 1708 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/24 02:54:30.0612 1708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/24 02:54:30.0627 1708 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
2011/08/24 02:54:30.0658 1708 L8042mou (a6fe2e63441094074f57243fb0fdb45a) C:\Windows\system32\DRIVERS\L8042mou.Sys
2011/08/24 02:54:30.0674 1708 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/08/24 02:54:30.0690 1708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/24 02:54:30.0721 1708 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/08/24 02:54:30.0736 1708 LMouKE (f518c34c137348b7dbe5343acc646a1c) C:\Windows\system32\DRIVERS\LMouKE.Sys
2011/08/24 02:54:30.0768 1708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/24 02:54:30.0783 1708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/24 02:54:30.0799 1708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/24 02:54:30.0814 1708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/24 02:54:30.0846 1708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/24 02:54:30.0861 1708 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/08/24 02:54:30.0877 1708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/24 02:54:30.0908 1708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/24 02:54:30.0924 1708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/24 02:54:30.0939 1708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/24 02:54:30.0970 1708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/24 02:54:30.0986 1708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/24 02:54:31.0002 1708 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/24 02:54:31.0033 1708 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/24 02:54:31.0048 1708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/24 02:54:31.0080 1708 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/24 02:54:31.0095 1708 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/24 02:54:31.0111 1708 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/24 02:54:31.0142 1708 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/24 02:54:31.0158 1708 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/24 02:54:31.0173 1708 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/24 02:54:31.0204 1708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/24 02:54:31.0220 1708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/24 02:54:31.0236 1708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/24 02:54:31.0282 1708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/24 02:54:31.0298 1708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/24 02:54:31.0314 1708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/24 02:54:31.0345 1708 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/24 02:54:31.0360 1708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/24 02:54:31.0376 1708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/24 02:54:31.0407 1708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/24 02:54:31.0423 1708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/24 02:54:31.0454 1708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/24 02:54:31.0470 1708 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/24 02:54:31.0501 1708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/24 02:54:31.0532 1708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/24 02:54:31.0548 1708 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/24 02:54:31.0579 1708 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/24 02:54:31.0594 1708 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/24 02:54:31.0610 1708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/24 02:54:31.0641 1708 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/24 02:54:31.0657 1708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/24 02:54:31.0688 1708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/24 02:54:31.0735 1708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/24 02:54:31.0766 1708 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/24 02:54:31.0797 1708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/24 02:54:31.0828 1708 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/08/24 02:54:31.0844 1708 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/08/24 02:54:31.0860 1708 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/24 02:54:31.0891 1708 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/24 02:54:31.0906 1708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/24 02:54:31.0922 1708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/24 02:54:31.0938 1708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/24 02:54:31.0969 1708 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/24 02:54:31.0984 1708 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/24 02:54:32.0000 1708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/24 02:54:32.0031 1708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/24 02:54:32.0047 1708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/24 02:54:32.0078 1708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/24 02:54:32.0140 1708 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/24 02:54:32.0156 1708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/24 02:54:32.0203 1708 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/24 02:54:32.0218 1708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/24 02:54:32.0265 1708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/24 02:54:32.0281 1708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/24 02:54:32.0296 1708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/24 02:54:32.0312 1708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/24 02:54:32.0343 1708 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/24 02:54:32.0359 1708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/24 02:54:32.0374 1708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/24 02:54:32.0406 1708 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/24 02:54:32.0437 1708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/24 02:54:32.0452 1708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/24 02:54:32.0484 1708 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/08/24 02:54:32.0499 1708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/24 02:54:32.0530 1708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/24 02:54:32.0546 1708 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/08/24 02:54:32.0577 1708 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/24 02:54:32.0593 1708 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/24 02:54:32.0624 1708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/24 02:54:32.0655 1708 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/08/24 02:54:32.0671 1708 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/08/24 02:54:32.0702 1708 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/08/24 02:54:32.0702 1708 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/08/24 02:54:32.0718 1708 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/24 02:54:32.0749 1708 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
2011/08/24 02:54:32.0780 1708 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/24 02:54:32.0796 1708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/24 02:54:32.0842 1708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/24 02:54:32.0858 1708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/24 02:54:32.0874 1708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/24 02:54:32.0905 1708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/24 02:54:32.0920 1708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/24 02:54:32.0952 1708 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/24 02:54:32.0967 1708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/24 02:54:32.0983 1708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/24 02:54:32.0998 1708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/24 02:54:33.0030 1708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/24 02:54:33.0045 1708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/24 02:54:33.0092 1708 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/24 02:54:33.0108 1708 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/24 02:54:33.0139 1708 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/24 02:54:33.0170 1708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/24 02:54:33.0186 1708 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/24 02:54:33.0217 1708 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/08/24 02:54:33.0232 1708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/24 02:54:33.0279 1708 tap0901 (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys
2011/08/24 02:54:33.0310 1708 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/24 02:54:33.0357 1708 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/24 02:54:33.0388 1708 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/24 02:54:33.0420 1708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/24 02:54:33.0435 1708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/24 02:54:33.0466 1708 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/24 02:54:33.0482 1708 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/24 02:54:33.0529 1708 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/24 02:54:33.0544 1708 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/24 02:54:33.0591 1708 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/24 02:54:33.0607 1708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/24 02:54:33.0638 1708 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/24 02:54:33.0654 1708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/24 02:54:33.0669 1708 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/08/24 02:54:33.0700 1708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/24 02:54:33.0732 1708 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/08/24 02:54:33.0747 1708 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/24 02:54:33.0778 1708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/24 02:54:33.0794 1708 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/24 02:54:33.0825 1708 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/24 02:54:33.0841 1708 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/24 02:54:33.0856 1708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/24 02:54:33.0872 1708 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/24 02:54:33.0888 1708 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/24 02:54:33.0919 1708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/24 02:54:33.0934 1708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/24 02:54:33.0966 1708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/24 02:54:34.0012 1708 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/24 02:54:34.0028 1708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/24 02:54:34.0044 1708 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/08/24 02:54:34.0059 1708 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/24 02:54:34.0090 1708 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/24 02:54:34.0106 1708 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/24 02:54:34.0137 1708 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/24 02:54:34.0153 1708 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/08/24 02:54:34.0168 1708 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/08/24 02:54:34.0184 1708 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/08/24 02:54:34.0215 1708 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
2011/08/24 02:54:34.0231 1708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/24 02:54:34.0262 1708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/24 02:54:34.0293 1708 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/24 02:54:34.0309 1708 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/24 02:54:34.0340 1708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/24 02:54:34.0356 1708 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/24 02:54:34.0371 1708 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/24 02:54:34.0402 1708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/24 02:54:34.0449 1708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/24 02:54:34.0480 1708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/24 02:54:34.0512 1708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/24 02:54:34.0558 1708 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/24 02:54:34.0590 1708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/24 02:54:34.0621 1708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/24 02:54:34.0652 1708 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/24 02:54:34.0668 1708 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/24 02:54:34.0714 1708 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/24 02:54:35.0198 1708 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/08/24 02:54:35.0214 1708 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk6\DR6
2011/08/24 02:54:35.0260 1708 Boot (0x1200) (26748c72e5557cc214892412ab12248a) \Device\Harddisk0\DR0\Partition0
2011/08/24 02:54:35.0276 1708 Boot (0x1200) (738bcf3f631ca9f92cc079ce40900604) \Device\Harddisk0\DR0\Partition1
2011/08/24 02:54:35.0276 1708 Boot (0x1200) (65e0a862fd4269b88150f8bd5a377e20) \Device\Harddisk1\DR1\Partition0
2011/08/24 02:54:35.0292 1708 Boot (0x1200) (67ae28adbe847b1482d37424120d80a6) \Device\Harddisk6\DR6\Partition0
2011/08/24 02:54:35.0292 1708 ================================================================================
2011/08/24 02:54:35.0292 1708 Scan finished
2011/08/24 02:54:35.0292 1708 ================================================================================
2011/08/24 02:54:35.0307 1700 Detected object count: 0
2011/08/24 02:54:35.0307 1700 Actual detected object count: 0
 
I guess i have no viruses left?
Should i try this: start>run> type "msconfig", go to the "boot.ini" tab and deselect the option "/SAFEBOOT"
Or maybe try running disk scan?
 
While in Safe Mode...

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?
 
Maybe i should mention that the startup looks different. After the same sreens as in normal mode there is a screen of "Loading Windows Files" followed by the "windows is starting in the Safe mode", then windows load.

Aftert disabling stuff at services and startup tab and unchecking Safe boot at Boot tab windows load normally.

Is this everything? Can i reenable wanted startup and services?
My PC isn't infected for sure?
Do you recommend that i change all the passwords for gmail,..., various programs accounts? Is it possible they stole the numbers for my Visa Electron? I don't have the number saved anywhere on my PC or in gmail, but i bought some stuff from ebay, other sites in the past, although i mostly use paypal.
 
Now wait.
That was for testing purposes only.

Reverse all changes and try to restart normally again.
 
reenabling all the services and startup, leaving safe boot unchecked and my pc starts in normal mode with everything working.
 
Great ;)

Can you also answer me this:
Do you recommend that i change all the passwords for gmail,..., various programs accounts? Is it possible they stole the numbers for my Visa Electron?
 
Aaaa, Super :D
Thanx very much for the help, i really appreciate what you're doing, now more than ever, i got really scared because of this. You're like a computer doctor ;)

Thank You!
 
Status
Not open for further replies.

Similar threads

midian182
Facebook is trying to shake off its 'old person's platform' image
Replies
10
Views
700
Hodor
Hodor
Cal Jeffrey
PS VR2 works "out of the box" on PC but only in cinema mode
Replies
5
Views
673
MakeMSGreatAgain
M
midian182
Twitch streamer Amouranth launches her own AI bot that fans can chat with for $1 per minute
Replies
24
Views
1K
Thatsdisgusting
T

Latest posts

Back