Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by Total Security but can't remove it


  • This topic is locked This topic is locked
8 replies to this topic

#1 r4recycle

r4recycle

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 08 September 2009 - 06:36 AM

Hi,
hoping I can get some help after trying various solutions that appear and have had no success.

I have a laptop that runs vista and it has been infected by something called "total security" - a malware program that keeps shutting down and re-starting the system. I have tried some of the obvious things like malawarebytes but it keeps closing it down. It seems to be a more intelligent version than some of the postings I have read as the files mentioned don't appear.
I have even tried the rename malawarebytes to winlogin.exe but it let's it run for 7 seconds then blocks it.

Can someone support me in fixing this please.

I do have my daughter's laptop that is clean so can access anything I need to help the problem.

Thanks in advance
Arthur

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 AM

Posted 08 September 2009 - 11:06 PM

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 r4recycle

r4recycle
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 09 September 2009 - 05:11 AM

Thanks for your response.

I also got a message saying
"could not read the system registry, Please contact the author!"
and another saying
"unrecognized partition type 6 (0 x 6)!"

report below

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/09 07:22
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x90C7F000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90C74000 Size: 45056 File Visible: No Signed: -
Status: -

Name: HDAudBus
Image Path: \Driver\HDAudBus
Address: 0x92973000 Size: 73728 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: HSF_DPV
Image Path: \Driver\HSF_DPV
Address: 0x96A01000 Size: 1060864 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: IntcAzAudAddService
Image Path: \Driver\IntcAzAudAddService
Address: 0x9640D000 Size: 1648512 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: Modem
Image Path: \Driver\Modem
Address: 0x96BB8000 Size: 53248 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: Parameters
Image Path: ControlSet\Services\ACPI\Parameters
Address: 0x93364000 Size: 249856 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x90CDC000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srv2
Image Path: \FileSystem\srv2
Address: 0x929D1000 Size: 159744 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: Tun Miniport Adapter

Image Path: Tun Miniport Adapter

Address: 0x933A1000 Size: 258048 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: win32k.sys:1
Image Path: C:\Windows\win32k.sys:1
Address: 0x90C91000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\Windows\win32k.sys:2
Address: 0x90C96000 Size: 61440 File Visible: No Signed: -
Status: -

Name: winachsf
Image Path: \Driver\winachsf
Address: 0x96B04000 Size: 737280 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: wpd_ci.mof
Image Path: m\wpd_ci.mof
Address: 0x929B9000 Size: 98304 File Visible: No Signed: -
Status: Hidden from the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

==EOF==

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 AM

Posted 09 September 2009 - 03:44 PM

Download and Run Scan with SREng2

Please download SREng2 from here and save it to your desktop.
  • Please Extract it to Desktop. To do this, right-click on the Sreng2.zip file and select Extract All.... Follow the prompts to extract it. (Click here for information on how to do this if not sure. Win 2000 users click here. )
  • Open the Sreng2 folder and then Double-click on SREngLdr.exe to run it. (If you are using Vista, please right-click and select run as administrator)
  • Select Smart Scan on the left side.
  • Make sure ALL the scan options there are checked and that Verify Digital Signatures of process modules is checked at the bottom as well.
  • Please close all open programs and applications except Sreng.
  • Now click on the Scan button.
  • Please be patient until the scan is complete. Once the scan is complete, please click on the Save Reports button.
  • Save the log file on your desktop and please post back with the contents of that log file in your next reply.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 r4recycle

r4recycle
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 09 September 2009 - 05:39 PM

edited money manager to xxxxxxx

2009-09-09,23:35:07

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [(Verified)Microsoft Windows]
	<????r><>  [N/A]
	<ehTray.exe><C:\Windows\ehome\ehTray.exe>  [(Verified)Microsoft Windows]
	<updateMgr><"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1>  [File is missing]
	<swg><"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe">  [(Verified)Google Inc]
	<Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  [(Verified)Skype Technologies SA]
	<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows]
	<Monopod><C:\Users\Rob\AppData\Local\Temp\b.exe>  []
	<userinit><C:\Users\Rob\AppData\Roaming\sdra64.exe>  [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [(Verified)Microsoft Windows]
	<RtHDVCpl><RtHDVCpl.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<eDataSecurity Loader><C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe>  [(Verified)HiTRUST Inc.]
	<Acer Tour><>  [N/A]
	<SetPanel><>  [N/A]
	<LManager><C:\PROGRA~1\LAUNCH~1\LManager.exe>  [Dritek System Inc.]
	<WarReg_PopUp><C:\Acer\WR_PopUp\WarReg_PopUp.exe>  [Acer Inc.]
	<eRecoveryService><>  [N/A]
	<PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
	<GrooveMonitor><"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
	<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
	<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
	<Windows Mobile Device Center><%windir%\WindowsMobile\wmdc.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<atwtusb><atwtusb.exe beta>  [N/A]
	<NokiaMServer><C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles>  [(Verified)NOKIA]
	<IgfxTray><C:\Windows\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<HotKeysCmds><C:\Windows\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Persistence><C:\Windows\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Google Quick Search Box><"C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun>  [(Verified)Google Inc]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe">  []
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<netc><C:\Windows\svc.exe>  []
	<odby><C:\Windows\odb.exe>  []
	<10418744><C:\ProgramData\10418744\10418744.exe>  []
	<vlc><C:\Windows\vlc.exe>  []
	<netx><C:\Windows\svx.exe>  []
	<wdmon><C:\Windows\wdmon.exe>  []
	<netw><C:\Windows\svw.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
	<Malwarebytes' Anti-Malware><C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent>  [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><explorer.exe>  [(Verified)Microsoft Windows]
	<Userinit><C:\Windows\system32\userinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
	<WinlogonNotify: avldr><avldr.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
	<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
	<WinlogonNotify: klogon><C:\Windows\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Control Panel\Desktop]
	<SCRNSAVE.EXE><C:\Windows\Acer.scr>  []

==================================
Startup Folders
[Empowering Technology Launcher]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk --> C:\Acer\EMPOWE~1\EAPLAU~1.EXE [Acer Inc.]><N>
[HP Digital Imaging Monitor]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[Nokia Nseries PC Suite]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk --> C:\PROGRA~1\Nokia\NNPCS\RUNLAU~1.EXE []><N>
[Empowering Technology Launcher]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk --> C:\Acer\EMPOWE~1\EAPLAU~1.EXE [Acer Inc.]><N>
[HP Digital Imaging Monitor]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[Nokia Nseries PC Suite]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk --> C:\PROGRA~1\Nokia\NNPCS\RUNLAU~1.EXE []><N>

==================================
Services
[Kaspersky Internet Security / AVP][Stopped/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r><N/A>
[##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Stopped/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[Symantec Lic NetConnect service / CLTNetCnService][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><(File is missing)>
[eDataSecurity Service / eDataSecurity Service][Stopped/Auto Start]
  <"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"><HiTRSUT>
[eLock Service / eLockService][Stopped/Auto Start]
  <C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe><Acer Inc.>
[eNet Service / eNet Service][Stopped/Auto Start]
  <C:\Acer\Empowering Technology\eNet\eNet Service.exe><Acer Inc.>
[eRecovery Service / eRecoveryService][Stopped/Auto Start]
  <C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe><Acer Inc.>
[eSettings Service / eSettingsService][Stopped/Auto Start]
  <C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe><>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Google Software Updater / gusvc][Stopped/Auto Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[hpqcxs08 / hpqcxs08][Stopped/Manual Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Stopped/Auto Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Stopped/Auto Start]
  <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[MobilityService / MobilityService][Stopped/Auto Start]
  <C:\Acer\Mobility Center\MobilityService.exe -p><N/A>
[Net Driver HPZ12 / Net Driver HPZ12][Stopped/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZinw12.dll><Hewlett-Packard>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZipm12.dll><Hewlett-Packard>
[Protexis Licensing V2 / PSI_SVC_2][Stopped/Auto Start]
  <"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"><Protexis Inc.>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Stopped/Auto Start]
  <"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"><>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[VJVodServices / vvdsvc][Stopped/Auto Start]
  <C:\Windows\System32\svchost.exe -k vvdsvc-->C:\Windows\system32\Nagasoft\vjocx.dll><??????????>
[ePower Service / WMIService][Stopped/Auto Start]
  <C:\Acer\Empowering Technology\ePower\ePowerSvc.exe><acer>
[XAudioService / XAudioService][Stopped/Auto Start]
  <C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Dritek General Port I/O / DritekPortIO][Stopped/System Start]
  <\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys><Dritek System Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[EMSCR / EMSCR][Running/Manual Start]
  <system32\DRIVERS\EMS7SK.sys><ENE Technology Inc.>
[ESDCR / ESDCR][Running/Manual Start]
  <system32\DRIVERS\ESD7SK.sys><ENE Technology Inc.>
[ESMCR / ESMCR][Running/Manual Start]
  <system32\DRIVERS\ESM7SK.sys><ENE Technology Inc.>
[FGUARD32 / FGUARD32][Stopped/Manual Start]
  <\??\C:\Program Files\Folder Guard Pro\FGUARD32.SYS><WinAbility® Software Corporation>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSFHWAZL / HSFHWAZL][Stopped/Manual Start]
  <system32\DRIVERS\VSTAZL3.SYS><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Stopped/Manual Start]
  <system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Stopped/Manual Start]
  <system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[igfx / igfx][Stopped/Manual Start]
  <system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[int15 / int15][Stopped/Auto Start]
  <\??\C:\Acer\Empowering Technology\eRecovery\int15.sys><N/A>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
  <system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[kl1 / kl1][Stopped/System Start]
  <system32\DRIVERS\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab KLFltDev / KLFLTDEV][Stopped/Manual Start]
  <system32\DRIVERS\klfltdev.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Stopped/System Start]
  <system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS 6 Filter / KLIM6][Stopped/System Start]
  <system32\DRIVERS\klim6.sys><Kaspersky Lab>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Stopped/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[PANDA NDIS IM Filter Miniport / NETIMFLT][Stopped/Manual Start]
  <system32\DRIVERS\netimflt.sys><N/A>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit / NETw3v32][Stopped/Manual Start]
  <system32\DRIVERS\NETw3v32.sys><Intel® Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[Upper Class Filter Driver / NTIDrvr][Running/Manual Start]
  <system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[PSDFilter / PSDFilter][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\psdfilter.sys><HiTRUST>
[PSDNSERVER / PSDNServ][Running/Boot Start]
  <\SystemRoot\system32\drivers\PSDNServ.sys><HiTRUST>
[psdvdisk / psdvdisk][Running/Boot Start]
  <\SystemRoot\system32\drivers\psdvdisk.sys><HiTRUST>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><N/A>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Windows (R) Codename Longhorn DDK provider>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Windows (R) Codename Longhorn DDK provider>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[winachsf / winachsf][Stopped/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Stopped/Auto Start]
  <system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[Freecorder Toolbar]
  {1392b8d2-5c05-419f-a8f6-b9f15a596612} <C:\Program Files\Freecorder\tbFree.dll, (Signed) Conduit Ltd.>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[]
  {5C255C8A-E604-49b4-9D64-90988571CECB} <, >
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[ShowBarObj Class]
  {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} <C:\Windows\system32\ActiveToolBand.dll, HiTRUST>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll, (Signed) Google Inc.>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll, (Signed) Google Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[Web traffic protection statistics]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\Windows\WindowsMobile\INetRepl.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\Windows\WindowsMobile\INetRepl.dll, (Signed) Microsoft Corporation>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Acer eDataSecurity Management]
  {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} <C:\Windows\system32\eDStoolbar.dll, HiTRUST>
[Freecorder Toolbar]
  {1392b8d2-5c05-419f-a8f6-b9f15a596612} <C:\Program Files\Freecorder\tbFree.dll, (Signed) Conduit Ltd.>
[Google Toolbar]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Facebook Photo Uploader 5 Control]
  {0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\Windows\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\Windows\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[Snapfish Activia]
  {406B5949-7190-4245-91A9-30A17DE16AD0} <C:\Windows\Downloaded Program Files\SnapfishActivia1000.ocx, Snapfish>
[UploadListView Class]
  {474F00F5-3853-492C-AC3A-476512BBC336} <C:\Windows\Downloaded Program Files\UploaderX.dll, (Signed) >
[MySpace Uploader Control]
  {48DD0448-9209-4F81-9F6D-D83562940134} <C:\Windows\Downloaded Program Files\MySpaceUploader.ocx, MySpace, Inc.>
[Egg Money Manager Digital Safe]
  {4E62C4DE-627D-4604-B157-4B7D6B09F02E} <C:\Windows\Downloaded Program Files\accounttracking.dll, (Signed) eWise Systems Pty Ltd>
[System Requirements Lab Class]
  {5727FF4C-EF4E-4d96-A96C-03AD91910448} <C:\Windows\Downloaded Program Files\sysreqlab_ind.dll, (Signed) Husdawg, LLC>
[Java Plug-in 1.6.0_12]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[JamShellLinkX Control]
  {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[Java Plug-in 1.5.0_12]
  {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_12]
  {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_12]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_12.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, >
[]
  {00000000-0000-0000-0000-000000000000} <, >
[Microsoft Outlook 8.0 Object Library]
  {0006F033-0000-0000-C000-000000000046} <, >
[Microsoft Office Outlook]
  {0006F03A-0000-0000-C000-000000000046} <, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[]
  {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} <, >
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[Microsoft Office Template and Media Control]
  {02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\PROGRA~1\MIC273~1\WEB2~1\Office12\IEAWSDC.DLL, (Signed) >
[]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <, >
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[PhotoboxPhotowaysUploader5 Control]
  {0972B098-DEE9-4279-AC7E-4BAAA029102D} <C:\Windows\Downloaded Program Files\ImageUploader5.ocx, (Signed) PhotoBox Photoways>
[Facebook Photo Uploader 5 Control]
  {0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\Windows\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[Freecorder Toolbar]
  {1392B8D2-5C05-419F-A8F6-B9F15A596612} <C:\Program Files\Freecorder\tbFree.dll, (Signed) Conduit Ltd.>
[]
  {166B1BCA-3F9C-11CF-8075-444553540000} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\Windows\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\Windows\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
  {19EFFC12-25FB-479A-A0F2-1569AE1B3365} <, >
[]
  {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <, >
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Google Toolbar]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XSL Template]
  {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[]
  {304171C0-65EA-4B51-B5D9-93A311E26EB1} <, >
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\Windows\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\Windows\system32\tdc.ocx, (Signed) Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
  {3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF} <, >
[Snapfish Activia]
  {406B5949-7190-4245-91A9-30A17DE16AD0} <C:\Windows\Downloaded Program Files\SnapfishActivia1000.ocx, Snapfish>
[UploadListView Class]
  {474F00F5-3853-492C-AC3A-476512BBC336} <C:\Windows\Downloaded Program Files\UploaderX.dll, (Signed) >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[MySpace Uploader Control]
  {48DD0448-9209-4F81-9F6D-D83562940134} <C:\Windows\Downloaded Program Files\MySpaceUploader.ocx, MySpace, Inc.>
[TVAnts ActiveX Control]
  {4C833081-D026-4FF8-968F-7EAB660D2FBA} <C:\PROGRA~1\TVAnts\TvantsX.ocx, Zhejiang University>
[Egg Money Manager Digital Safe]
  {xxxxxxxxxxxxxxxxxxxxxxxxxxx} <C:\Windows\Downloaded Program Files\accounttracking.dll, (Signed) eWise Systems Pty Ltd>
[Microsoft Licensed Class Manager 1.0]
  {5220CB21-C88D-11CF-B347-00AA00A28331} <C:\Windows\system32\licmgr10.dll, (Signed) Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[System Requirements Lab Class]
  {5727FF4C-EF4E-4D96-A96C-03AD91910448} <C:\Windows\Downloaded Program Files\sysreqlab_ind.dll, (Signed) Husdawg, LLC>
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre6\bin\wsdetect.dll, Sun Microsystems, Inc.>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[JamShellComboX Control]
  {5999A3EE-E436-434A-A277-5A8A83CF3E98} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[InstallShield Update Service Agent]
  {5B7524C8-2446-40E9-9474-94A779DBA224} <C:\Windows\Downloaded Program Files\isusweb.dll, Macrovision Corporation>
[]
  {5C255C8A-E604-49B4-9D64-90988571CECB} <, >
[Acer eDataSecurity Management]
  {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} <C:\Windows\system32\eDStoolbar.dll, HiTRUST>
[Microsoft Shell UI Helper]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[SWHTTPUploader Object]
  {7306A0C7-E97C-46CD-BBAD-0DD72CFD32CB} <C:\Windows\DOWNLO~1\SWHTTP~1.DLL, (Signed) SWSoft>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[ShowBarObj Class]
  {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} <C:\Windows\system32\ActiveToolBand.dll, HiTRUST>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <C:\Windows\system32\msxml4.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
  {88D969C1-F192-11D4-A65F-0040963251E5} <C:\Windows\system32\msxml4.dll, Microsoft Corporation>
[XSL Template 4.0]
  {88D969C3-F192-11D4-A65F-0040963251E5} <C:\Windows\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <C:\Windows\system32\msxml4.dll, Microsoft Corporation>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 5.0]
  {88D969E6-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XSL Template 5.0]
  {88D969E8-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Java Plug-in 1.6.0_12]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
  {90222687-F593-4738-B738-FBEE9C7B26DF} <, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {917623D1-D8E5-11D2-BE8B-00104B06BDE3} <, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[VideoLAN VLC ActiveX Plugin v2]
  {9BE31822-FDAD-461B-AD51-BE1D1C159921} <C:\Program Files\VideoLAN\VLC\axvlc.dll, >
[JamShellListX Control]
  {9CDE10DA-6917-4FEA-9E89-9FBB451D8BC8} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[Skype Detection Object]
  {9E385F0A-0BA2-430C-96AA-4399C5E40F6C} <, >
[]
  {A8080502-0C9E-44BD-AE83-D44698E43992} <, >
[JamShellLinkX Control]
  {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\Windows\System32\msnetobj.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[]
  {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} <, >
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll, (Signed) Google Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, (Signed) N/A>
[]
  {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} <, >
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll, (Signed) Google Inc.>
[Microsoft Office 12 Authorization Control]
  {C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MIC273~1\WEB2~1\Office12\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[]
  {CAC677B6-4963-4305-9066-0BD135CD9233} <, >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[AUDIO__X_MS_WAX Moniker Class]
  {CD3AFA83-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
  {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <, >
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Windows\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[VodClient Control Class]
  {D4003189-95B1-4A2F-9A87-F2B03665960D} <C:\Windows\system32\Nagasoft\vjocx.dll, ??????????>
[]
  {D6A5A215-FBF3-45E5-ABF8-22FF50916184} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>
[NameCtrl Class]
  {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Expression\Web 2\Office12\NAME.DLL, (Signed) Microsoft Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[JScript Language]
  {F414C260-6AC0-11CF-B6D1-00AA00BBBB58} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll, (Signed) Kaspersky Lab>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document]
  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[IERPCtl Class]
  {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, (Signed) RealNetworks, Inc.>
[JamShellTreeX Control]
  {FEF7EDB0-837D-429B-8FD0-EF890F70C5B3} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 256 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 380 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 416 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 424 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll]  [N/A, ]
[PID: 468 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 500 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll]  [N/A, ]
[PID: 512 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 520 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 664 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 720 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll]  [N/A, ]
[PID: 764 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 844 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll]  [N/A, ]
[PID: 872 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 924 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1112 / Rob][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\SmartFTP Client\sfShellTools.dll]  [SmartSoft Ltd, 1.0.4.1]
	[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 84, 83, 7]
	[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 84, 100, 4]
	[C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
	[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr]  [Nokia, 6, 84, 51, 0]
	[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 84, 15, 1]
	[C:\Windows\system32\CryptoAPI.dll]  [HiTRUST, 2, 2, 0, 34]
	[C:\Program Files\Freecorder\tbFree.dll]  [Conduit Ltd., 4, 5, 186, 4]
[PID: 1076 / Rob][C:\Users\Rob\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 856 / Rob][C:\Users\Rob\Desktop\SREfd93f932.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Users\Rob\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll]  [N/A, ]
	[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.506]
	[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.506]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
::1			 localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

Edited by r4recycle, 09 September 2009 - 05:47 PM.


#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 AM

Posted 09 September 2009 - 05:49 PM

I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Go straight to Step 6. Don't worry about the DDS log. Just post the RootRepeal and System Repair Engineer logs.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 r4recycle

r4recycle
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 09 September 2009 - 06:20 PM

Thanks I have done as you have instructed. Would you just check that it is okay and I have'nt missed anything?

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 AM

Posted 09 September 2009 - 06:32 PM

Your post looks okay. Unfortunately they are VERY busy in the HijackThis forum at the moment so it may take a while before someone gets around to your log. Good luck.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,942 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:09 PM

Posted 09 September 2009 - 07:43 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/256508/infected-with-total-security-virus/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users