
antivirus soft and blue screen


  • This topic is locked
9 replies to this topic

#1 nevetsx


Posted 19 March 2010 - 07:11 AM

Desktop contracted Antivirus Soft. Tried using Reimage to remove it (mistake) and have been working at removal for several days. I was able to correct most problems, but there is still part of this thing left. The PC is now glitchy and freezes up randomly, and really enjoys the blue screen with IRQL_NOT_LESS_OR_EQUAL 0x000000a. Very frustrating.
Here are the initial logs.

Attached Files

  • Attached File  DDS.txt   23.32KB   8 downloads
  • Attached File  Attach.txt   15.24KB   10 downloads
  • Attached File  ark.txt   219.58KB   7 downloads




#2 jpshortstuff


Posted 19 March 2010 - 07:27 AM

Hi there

If you already have a copy of ComboFix, please delete it.

Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3





IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on Combo-Fix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 nevetsx


Posted 19 March 2010 - 08:02 PM

O.K., it took a few minutes (about 5 hours) to trick my PC into letting ComboFix (cleverly renamed help) run without going to blue screen. Side note: I manually made a slipstream copy of Windows XP with Service Pack 2 and loaded it on my PC prior to running ComboFix, because the PC would go to blue screen (tech stop info 0x000007f, (0x000000000d,oxoooooooo,oxoooooooo,oxooooooo)) while trying to load the Recovery Console, so if allowed by the forum I would be happy to download that CD to the forum. ComboFix ran no problem after that; here are the results.


ComboFix 10-03-18.02 - Steven 03/19/2010 20:28:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1721 [GMT -5:00]
Running from: c:\documents and settings\Steven\Desktop\help.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Steven\LOCALS~1\Temp\install_flash_player.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\atapi.sys
.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 00:55 . 2010-03-20 01:03 -------- d-----w- C:\I386

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 13:08 . 2010-01-24 13:41 -------- d-----w- c:\program files\Free Window Registry Repair
2010-03-17 12:57 . 2009-07-07 10:14 -------- d-----w- c:\program files\thinkorswim
2010-03-12 03:20 . 2010-03-12 03:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2010-03-12 03:20 . 2010-03-12 03:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-03-07 14:38 . 2004-08-04 07:56 897024 ----a-w- c:\windows\system32\wmspdmoe.dll
2010-03-07 14:36 . 2001-08-23 12:00 6656 ----a-w- c:\windows\system32\laprxy.dll
2010-03-07 14:36 . 2001-08-23 12:00 29696 ----a-w- c:\windows\system32\mimefilt.dll
2010-03-07 14:36 . 2001-08-23 12:00 103936 ----a-w- c:\windows\system32\logagent.exe
2010-03-07 14:36 . 2009-07-07 13:35 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-07 14:36 . 2001-08-23 12:00 695808 ----a-w- c:\windows\system32\drmv2clt.dll
2010-03-07 14:36 . 2001-08-23 12:00 87040 ----a-w- c:\windows\system32\drmstor.dll
2010-03-07 14:36 . 2001-08-23 12:00 299520 ----a-w- c:\windows\system32\drmclien.dll
2010-03-07 14:36 . 2001-08-23 12:00 286720 ----a-w- c:\windows\system32\blackbox.dll
2010-03-07 14:36 . 2001-08-23 12:00 159232 ----a-w- c:\windows\system32\cewmdm.dll
2010-03-07 13:55 . 2001-08-23 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-07 13:55 . 2001-08-17 13:48 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-06 20:27 . 2009-07-18 19:21 90112 ----a-w- c:\windows\DUMPb7a2.tmp
2010-03-02 23:58 . 2009-07-07 11:24 3172 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-05 15:39 . 2010-02-05 15:39 251376 ------w- c:\documents and settings\Steven\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-01-23 14:12 . 2010-01-23 14:12 -------- d-----w- c:\documents and settings\Steven\Application Data\ArcSoft
2010-01-23 14:11 . 2010-01-23 13:57 -------- d-----w- c:\documents and settings\Steven\Application Data\EPSON
2010-01-23 13:02 . 2010-01-23 12:46 -------- d-----w- c:\program files\EPSON
2010-01-23 12:59 . 2010-01-23 12:59 -------- d-----w- c:\program files\ArcSoft
2010-01-23 12:59 . 2009-07-07 14:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:59 . 2010-01-23 12:59 -------- d-----w- c:\program files\Common Files\Python
2010-01-23 12:47 . 2010-01-23 12:47 -------- d-----w- c:\program files\Common Files\EPSON
2010-01-19 23:28 . 2009-07-07 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-01-18 01:02 . 2010-01-18 01:02 5115824 ------w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-07 21:07 . 2009-07-17 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-07-17 13:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 17:52 . 2009-12-24 17:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"SiS KHooker"="c:\windows\system32\khooker.exe" [2001-08-11 266499]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Steven\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-30 813584]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]
TruDirectTray.lnk - c:\program files\TruDirect\TruDirectTray.exe [2008-2-18 421888]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Steven\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Steven\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/30/2009 21:21 10384]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7/7/2009 04:52 845184]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/17/2009 08:39 38224]
S3 SiS300;SiS300;c:\windows\system32\drivers\sis300p.sys [7/8/2009 05:12 108672]
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1844237615-839522115-1003Core.job
- c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-19 19:39]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1844237615-839522115-1003UA.job
- c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-19 19:39]

2010-03-18 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Steven.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-17 21:07]

2010-03-18 c:\windows\Tasks\Malwarebytes' Scheduled Update for Steven.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-17 21:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/NCS.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SiS Tray - c:\windows\system32\sistray.EXE
HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 20:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
"DisplayName"="??H\17?\11\09"
"DeviceDesc"="??H\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2968)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\TechSmith\Snagit 9\TSCHelp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\snagiteditor.exe
.
**************************************************************************
.
Completion time: 2010-03-19 20:59:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 01:58

Pre-Run: 95,376,793,600 bytes free
Post-Run: 96,217,636,864 bytes free

- - End Of File - - 1A16C734A26F3C9BFCDD75D7DD8859E7


#4 jpshortstuff


Posted 20 March 2010 - 04:41 AM

Hi,

That looks better, let's continue cleaning.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

DirLook::
c:\program files\Free Window Registry Repair
c:\program files\thinkorswim


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot (in case it asks to reboot), please post ComboFix.txt in your next reply.


ESET Online Scanner

You can use either Internet Explorer or Mozilla FireFox for this scan.
  • Please go here then click on:
    QUOTE
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Let me know how things are running now.

#5 nevetsx


Posted 20 March 2010 - 02:51 PM

O.K., here are the logs from the last 2 scans. Computer is better, no blue screens, still a trifle slow at times. I am actually able to post this reply with it. Had to post the ComboFix log in an attachment; the system said the post was too long otherwise.





ESET LOG


C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\4WBO80Y8\oH02f08ec4V0100f070006R182a887a102T497c30af201l0409K77442b16317[1].pdf JS/Exploit.Pdfka.NUI trojan
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\U3XF9QVJ\KAV2[1].htm JS/Exploit.Agent.NBA trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP261\A0034134.exe a variant of Win32/Adware.SpywareRemover.B application
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP262\A0036332.exe a variant of Win32/Adware.SpywareRemover.B application
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP263\A0036781.exe a variant of Win32/Adware.SpywareRemover.B application
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP263\A0036818.exe a variant of Win32/Adware.SpywareRemover.B application
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP336\A0085581.dll probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP337\A0087517.dll probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP338\A0092472.dll probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP338\A0094542.dll probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP342\A0111510.sys Win32/Olmarik.TM trojan

Attached Files

  • Attached File  log.txt   247KB   5 downloads


#6 jpshortstuff

Posted 21 March 2010 - 06:17 AM

Hi,

That's much better. Most of the items that ESET found will be cleared when we flush System Restore at the end, and we'll deal with the top two now.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


Is it just the slowness you have left now? Please post a new DDS log so we can see if there's anything we can do for that.
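Added example (not part of the original thread): the triage jpshortstuff describes in the post above, sorting the ESET detections by where each file sits, because a copy held in a System Restore point or in the browser cache is handled differently from a file on the live system. The log lines are copied from the ESET log in post #5; the function names, the remediation labels and the single constructed line are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the ESET log posted in this thread (post #5).
ESET_LOG = r"""
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\4WBO80Y8\oH02f08ec4V0100f070006R182a887a102T497c30af201l0409K77442b16317[1].pdf JS/Exploit.Pdfka.NUI trojan
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\U3XF9QVJ\KAV2[1].htm JS/Exploit.Agent.NBA trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP261\A0034134.exe a variant of Win32/Adware.SpywareRemover.B application
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP262\A0036332.exe a variant of Win32/Adware.SpywareRemover.B application
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP263\A0036781.exe a variant of Win32/Adware.SpywareRemover.B application
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP263\A0036818.exe a variant of Win32/Adware.SpywareRemover.B application
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP336\A0085581.dll probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP337\A0087517.dll probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP338\A0092472.dll probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP338\A0094542.dll probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{4B4B74D2-550D-473F-B625-A12DB14E24AD}\RP342\A0111510.sys Win32/Olmarik.TM trojan
"""

# Constructed line (NOT from the thread) to exercise the third bucket.
CONSTRUCTED_LIVE_LINE = r"C:\WINDOWS\system32\drivers\example.sys Example/Placeholder.A trojan"

# Wording ESET puts between the path and the detection name; longest first.
QUALIFIERS = ("probably a variant of", "a variant of")

RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.I)
CACHE_RE = re.compile(r"\\Temporary Internet Files\\", re.I)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# First two labels follow post #6; the third is this sketch's assumption.
REMEDIATION = {
    "system_restore": "cleared when System Restore is flushed at the end",
    "browser_cache": "cleared by emptying the temporary files cache",
    "live_filesystem": "on the live system: review before removal",
}


def parse_line(line):
    """Split one log line into path, qualifier, detection name and kind.

    Paths contain spaces, so the line is split from the right: the last
    token is the kind, the one before it is the detection name.
    """
    parts = line.strip().rsplit(None, 2)
    if len(parts) != 3 or not DRIVE_RE.match(parts[0]):
        return None  # blank or malformed line
    head, name, kind = parts
    qualifier = ""
    for q in QUALIFIERS:
        if head.endswith(" " + q):
            head, qualifier = head[: -len(q)].rstrip(), q
            break
    return {"path": head, "qualifier": qualifier, "name": name, "kind": kind}


def classify(path):
    """Return (location, restore point number or None) for a file path."""
    m = RESTORE_RE.search(path)
    if m:
        return "system_restore", int(m.group(1))
    if CACHE_RE.search(path):
        return "browser_cache", None
    return "live_filesystem", None


def triage(log_text):
    """Group every parsed detection by the location it was found in."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["location"], rec["restore_point"] = classify(rec["path"])
        buckets[rec["location"]].append(rec)
    return dict(buckets)


def restore_points_hit(buckets):
    """Sorted restore point numbers (RPnnn) that hold a detected file."""
    return sorted({r["restore_point"] for r in buckets.get("system_restore", [])})


if __name__ == "__main__":
    result = triage(ESET_LOG)
    for location, records in result.items():
        print(f"{location}: {len(records)} item(s), {REMEDIATION[location]}")
        for r in records:
            print(f"    {r['name']} ({r['kind']})")
    print("restore points affected:", restore_points_hit(result))
```
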

#7 nevetsx (Topic Starter)

Posted 21 March 2010 - 07:22 AM

Happy system, just like the day I built it. JP rocks! Here are the DDS logs.
Many thanks to the creator of this blog and all that help here.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2009 09:40:49
System Uptime: 3/21/2010 07:52:41 (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | M3A78
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5800+ | AM2 | 3013/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 128 GiB total, 89.165 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP227: 12/18/2009 07:02:34 - System Checkpoint
RP228: 12/19/2009 08:02:33 - System Checkpoint
RP229: 12/20/2009 09:02:32 - System Checkpoint
RP230: 12/21/2009 06:59:22 - Restore Operation
RP231: 12/21/2009 07:16:11 - Software Distribution Service 3.0
RP232: 12/21/2009 07:48:27 - Software Distribution Service 3.0
RP233: 12/22/2009 07:59:19 - System Checkpoint
RP234: 12/23/2009 08:23:30 - System Checkpoint
RP235: 12/24/2009 08:52:32 - System Checkpoint
RP236: 12/25/2009 09:51:27 - System Checkpoint
RP237: 12/26/2009 10:51:27 - System Checkpoint
RP238: 12/27/2009 11:51:27 - System Checkpoint
RP239: 12/28/2009 12:38:50 - System Checkpoint
RP240: 12/29/2009 13:38:47 - System Checkpoint
RP241: 12/30/2009 17:01:05 - System Checkpoint
RP242: 12/31/2009 17:07:21 - System Checkpoint
RP243: 1/1/2010 17:41:02 - System Checkpoint
RP244: 1/2/2010 17:42:29 - System Checkpoint
RP245: 1/3/2010 18:07:15 - System Checkpoint
RP246: 1/4/2010 19:07:12 - System Checkpoint
RP247: 1/5/2010 19:20:51 - System Checkpoint
RP248: 1/6/2010 20:19:21 - System Checkpoint
RP249: 1/7/2010 20:33:13 - System Checkpoint
RP250: 1/8/2010 22:07:24 - System Checkpoint
RP251: 1/9/2010 23:08:28 - System Checkpoint
RP252: 1/10/2010 23:19:23 - System Checkpoint
RP253: 1/12/2010 00:19:23 - System Checkpoint
RP254: 1/13/2010 01:07:32 - System Checkpoint
RP255: 1/14/2010 01:08:13 - System Checkpoint
RP256: 1/15/2010 02:08:11 - System Checkpoint
RP257: 1/16/2010 02:20:11 - System Checkpoint
RP258: 1/17/2010 03:20:10 - System Checkpoint
RP259: 1/17/2010 07:33:37 - Installed MalwareBot
RP260: 1/17/2010 07:53:23 - Removed MalwareBot
RP261: 1/17/2010 07:55:44 - Restore Operation
RP262: 1/17/2010 16:44:51 - Restore Operation
RP263: 1/17/2010 17:41:17 - Restore Operation
RP264: 1/18/2010 18:14:48 - System Checkpoint
RP265: 1/19/2010 18:28:08 - Removed WinZip 12.1
RP266: 1/20/2010 18:59:19 - System Checkpoint
RP267: 1/21/2010 19:32:39 - System Checkpoint
RP268: 1/22/2010 20:19:09 - System Checkpoint
RP269: 1/23/2010 07:45:42 - Installed EPSON TWAIN 5
RP270: 1/23/2010 07:49:39 - Installed Smart Panel
RP271: 1/23/2010 07:51:40 - Installed Smart Panel
RP272: 1/23/2010 07:52:22 - Installed Applet_Web
RP273: 1/23/2010 07:52:53 - Installed ScanToWeb
RP274: 1/23/2010 07:53:27 - Installed Applet_Epp
RP275: 1/23/2010 07:53:58 - Installed EPSON Photo Print
RP276: 1/23/2010 07:54:35 - Installed Applet_Creativity
RP277: 1/23/2010 07:55:07 - Installed Applet_File
RP278: 1/23/2010 07:55:43 - Installed Applet_Copy
RP279: 1/23/2010 07:56:13 - Installed EPSON Copy Utility
RP280: 1/23/2010 07:56:58 - Installed Applet_Ocr
RP281: 1/23/2010 07:57:31 - Installed Applet_Email
RP282: 1/23/2010 07:58:02 - Installed Applet_App
RP283: 1/23/2010 07:58:34 - Installed Applet_CopyToFax
RP284: 1/23/2010 07:59:06 - Installed Python
RP285: 1/24/2010 08:32:48 - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
RP286: 1/25/2010 09:05:36 - System Checkpoint
RP287: 1/26/2010 10:47:57 - System Checkpoint
RP288: 1/27/2010 11:15:12 - System Checkpoint
RP289: 1/28/2010 12:28:53 - System Checkpoint
RP290: 1/29/2010 12:51:34 - System Checkpoint
RP291: 1/30/2010 13:51:35 - System Checkpoint
RP292: 1/31/2010 14:20:01 - System Checkpoint
RP293: 2/1/2010 14:23:47 - System Checkpoint
RP294: 2/2/2010 14:40:12 - System Checkpoint
RP295: 2/3/2010 15:10:38 - System Checkpoint
RP296: 2/4/2010 16:03:49 - System Checkpoint
RP297: 2/5/2010 17:08:07 - System Checkpoint
RP298: 2/6/2010 17:53:07 - System Checkpoint
RP299: 2/7/2010 18:13:34 - System Checkpoint
RP300: 2/8/2010 19:13:32 - System Checkpoint
RP301: 2/9/2010 20:14:36 - System Checkpoint
RP302: 2/10/2010 21:29:37 - System Checkpoint
RP303: 2/11/2010 22:14:38 - System Checkpoint
RP304: 2/12/2010 23:13:32 - System Checkpoint
RP305: 2/14/2010 00:13:32 - System Checkpoint
RP306: 2/15/2010 01:13:41 - System Checkpoint
RP307: 2/16/2010 02:13:43 - System Checkpoint
RP308: 2/17/2010 03:13:42 - System Checkpoint
RP309: 2/18/2010 03:14:47 - System Checkpoint
RP310: 2/19/2010 04:13:42 - System Checkpoint
RP311: 2/20/2010 04:33:53 - System Checkpoint
RP312: 2/21/2010 05:33:50 - System Checkpoint
RP313: 2/22/2010 06:33:56 - System Checkpoint
RP314: 2/23/2010 07:44:13 - Restore Operation
RP315: 2/23/2010 07:50:25 - Restore Operation
RP316: 2/24/2010 07:55:35 - System Checkpoint
RP317: 2/25/2010 08:54:03 - System Checkpoint
RP318: 2/26/2010 09:52:59 - System Checkpoint
RP319: 2/27/2010 10:53:21 - System Checkpoint
RP320: 2/28/2010 10:54:04 - System Checkpoint
RP321: 3/1/2010 10:59:59 - System Checkpoint
RP322: 3/2/2010 05:41:14 - Restore Operation
RP323: 3/3/2010 08:32:57 - System Checkpoint
RP324: 3/4/2010 09:28:21 - System Checkpoint
RP325: 3/4/2010 16:48:19 - Restore Operation
RP326: 3/5/2010 18:56:32 - System Checkpoint
RP327: 3/6/2010 19:04:48 - Installed AutoStreamer
RP328: 3/7/2010 10:20:58 - Removed AutoStreamer
RP329: 3/8/2010 05:43:16 - Installed AutoStreamer
RP330: 3/10/2010 13:53:01 - Installed Seagate DiscWizard
RP331: 3/11/2010 18:38:57 - System Checkpoint
RP332: 3/11/2010 21:54:30 - Removed AutoStreamer
RP333: 3/11/2010 21:56:16 - Removed Seagate DiscWizard
RP334: 3/11/2010 22:19:11 - Installed Norton Ghost.
RP335: 3/12/2010 17:44:21 - Removed Norton Ghost.
RP336: 3/16/2010 22:58:42 - Restore Operation
RP337: 3/17/2010 06:35:58 - Restore Operation
RP338: 3/17/2010 08:37:21 - Restore Operation
RP339: 3/17/2010 10:00:43 - test
RP340: 3/17/2010 10:05:20 - Restore Operation
RP341: 3/18/2010 05:35:11 - Removed Snagit 9.1.2
RP342: 3/18/2010 05:44:20 - Removed Snagit 9.1.2
RP343: 3/20/2010 07:50:01 - ComboFix created restore point

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
Bonjour
CDDRV_Installer
erLT
Google Chrome
Google Talk Plugin
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Image Web Server 8.1 IE Plugins (Build:3,4,0,242)
iTunes
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
MSXML 6.0 Parser (KB933579)
Nero 8 Essentials
neroxml
NinjaTrader 6.5
NVIDIA Drivers
NVIDIA PhysX v8.10.13
Platform
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Safari
Security Update for Windows Internet Explorer 8 (KB969897)
SiS305_305 V1.13c
thinkorswim
TruDirect
Update for Windows Internet Explorer 8 (KB971930)
VCRedistSetup
VIA Platform Device Manager
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Search 4.0
Windows XP Service Pack 3
WinZip 12.1

==== Event Viewer Messages From Past Week ========

3/19/2010 20:27:40, information: Windows File Protection [64004] - The protected system file atapi.sys could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.5512 The specific error code is 0x000006b5 [The interface is unknown. ].
3/19/2010 19:49:08, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.
3/19/2010 13:49:51, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 0000001c, parameter3 00000001, parameter4 80502376.
3/19/2010 07:04:10, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'ark.txt' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/18/2010 23:52:49, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
3/18/2010 20:40:56, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.102 with the system having network hardware address 00:21:63:A2:76:BD. Network operations on this system may be disrupted as a result.
3/18/2010 18:48:37, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 002354D7601C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/17/2010 23:10:39, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
3/17/2010 22:10:46, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2010 22:09:31, information: Windows File Protection [64016] - Windows File Protection file scan was started.
3/17/2010 21:45:04, error: System Error [1003] - Error code 1000000a, parameter1 ad2af000, parameter2 00000006, parameter3 00000000, parameter4 806ecb12.
3/17/2010 19:49:22, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/17/2010 19:35:42, error: System Error [1003] - Error code 1000000a, parameter1 00000054, parameter2 0000001c, parameter3 00000001, parameter4 80502cb0.
3/17/2010 19:24:15, error: System Error [1003] - Error code 1000000a, parameter1 ffffffe0, parameter2 00000002, parameter3 00000000, parameter4 805373d2.
3/17/2010 19:04:50, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 8c5cabc4, parameter3 8c5ca8c0, parameter4 805beb1b.
3/17/2010 18:56:39, error: System Error [1003] - Error code 100000c5, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 8054bfd2.
3/17/2010 18:55:00, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/17/2010 18:55:00, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/17/2010 18:34:19, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a753668, parameter3 8a7537dc, parameter4 805d2970.
3/17/2010 14:05:11, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
3/17/2010 14:05:11, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/17/2010 14:04:56, error: System Error [1003] - Error code 1000000a, parameter1 ac8af000, parameter2 00000006, parameter3 00000000, parameter4 806ecb12.
3/17/2010 14:04:05, error: Service Control Manager [7022] - The Windows Search service hung on starting.
3/17/2010 13:17:51, error: System Error [1003] - Error code 1000000a, parameter1 ad10a000, parameter2 00000006, parameter3 00000000, parameter4 806ecb12.
3/17/2010 12:34:03, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WSearch service.
3/17/2010 10:13:42, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/17/2010 09:45:56, error: System Error [1003] - Error code 1000000a, parameter1 ace78000, parameter2 00000006, parameter3 00000000, parameter4 806ecb12.
3/17/2010 09:45:44, error: System Error [1003] - Error code 1000000a, parameter1 af279000, parameter2 00000006, parameter3 00000000, parameter4 806ecb12.
3/17/2010 09:45:00, error: System Error [1003] - Error code 1000000a, parameter1 8f6ca000, parameter2 00000006, parameter3 00000000, parameter4 806ecb12.
3/17/2010 07:18:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/17/2010 07:15:43, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
3/17/2010 07:15:43, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2010 07:15:43, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2010 07:15:43, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2010 07:15:43, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2010 07:15:43, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2010 07:15:43, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/17/2010 07:15:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/17/2010 06:38:19, error: System Error [1003] - Error code 1000000a, parameter1 acda4000, parameter2 00000006, parameter3 00000000, parameter4 806ecb12.

==== End Of File ===========================




DDS (Ver_10-03-17.01) - NTFSx86
Run by Steven at 8:12:00.56 on Sun 03/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2772 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\TruDirect\TruDirectTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Steven\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\steven\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [SiS KHooker] c:\windows\system32\khooker.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\steven\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\Snagit32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\trudir~1.lnk - c:\program files\trudirect\TruDirectTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246933481817
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/NCS.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-11-30 10384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-17 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-17 19160]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-7 845184]
S3 SiS300;SiS300;c:\windows\system32\drivers\sis300p.sys [2009-7-8 108672]

=============== Created Last 30 ================

2010-03-20 01:17:36 98816 ----a-w- c:\windows\sed.exe
2010-03-20 01:17:36 77312 ----a-w- c:\windows\MBR.exe
2010-03-20 01:17:36 261632 ----a-w- c:\windows\PEV.exe
2010-03-20 01:17:36 161792 ----a-w- c:\windows\SWREG.exe
2010-03-20 01:07:42 0 d-sha-r- C:\cmdcons
2010-03-20 01:07:22 0 d-----w- c:\windows\setupupd
2010-03-20 00:55:59 0 d-----w- C:\I386
2010-03-18 10:55:29 0 ----a-w- c:\documents and settings\steven\defogger_reenable
2010-03-18 03:25:25 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2010-03-18 03:25:23 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2010-03-18 03:25:22 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2010-03-18 03:25:20 45696 -c--a-w- c:\windows\system32\dllcache\cirrus.sys
2010-03-18 03:25:19 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2010-03-18 03:25:09 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2010-03-18 03:25:00 980034 -c--a-w- c:\windows\system32\dllcache\cicap.sys
2010-03-18 03:23:51 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-18 03:23:38 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2010-03-18 03:23:36 22044 -c--a-w- c:\windows\system32\dllcache\cem33n5.sys
2010-03-18 03:23:35 22044 -c--a-w- c:\windows\system32\dllcache\cem28n5.sys
2010-03-18 03:23:34 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
2010-03-18 03:23:33 21530 -c--a-w- c:\windows\system32\dllcache\ce2n5.sys
2010-03-18 03:23:19 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
2010-03-18 03:23:13 714698 -c--a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2010-03-18 03:23:12 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2010-03-18 03:23:10 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2010-03-18 03:23:08 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2010-03-18 03:21:58 66082 -c--a-w- c:\windows\system32\dllcache\c_21025.nls
2010-03-18 03:20:59 66082 -c--a-w- c:\windows\system32\dllcache\c_1146.nls
2010-03-18 03:19:59 3968 -c--a-w- c:\windows\system32\dllcache\brfiltup.sys
2010-03-18 03:18:58 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-03-18 03:17:56 75136 -c--a-w- c:\windows\system32\dllcache\atimpae.sys
2010-03-18 03:17:56 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys
2010-03-18 03:17:54 289664 -c--a-w- c:\windows\system32\dllcache\atimpab.sys
2010-03-18 03:17:52 37376 -c--a-w- c:\windows\system32\dllcache\atievxx.exe
2010-03-18 03:17:51 268160 -c--a-w- c:\windows\system32\dllcache\atidvai.dll
2010-03-18 03:17:50 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2010-03-18 03:17:48 382592 -c--a-w- c:\windows\system32\dllcache\atidrab.dll
2010-03-18 03:17:47 46464 -c--a-w- c:\windows\system32\dllcache\atibt829.sys
2010-03-18 03:17:22 77568 -c--a-w- c:\windows\system32\dllcache\ati.sys
2010-03-18 03:17:20 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2010-03-18 03:17:10 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-03-18 03:17:04 14848 -c--a-w- c:\windows\system32\dllcache\asc3550.sys
2010-03-18 03:17:03 22400 -c--a-w- c:\windows\system32\dllcache\asc3350p.sys
2010-03-18 03:16:58 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
2010-03-18 03:16:44 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-03-18 03:16:39 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2010-03-18 03:16:37 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2010-03-18 03:16:34 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2010-03-18 03:16:32 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2010-03-18 03:16:32 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2010-03-18 03:16:31 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2010-03-18 03:16:29 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2010-03-18 03:16:28 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2010-03-18 03:16:27 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2010-03-18 03:16:10 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
2010-03-18 03:13:30 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-03-18 02:49:48 0 d-----w- c:\windows\B440D659FECA4BDDA12B5C9F05790FF3.TMP
2010-03-17 15:07:51 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-17 13:09:23 0 d-----w- c:\windows\system32\CatRoot_bak
2010-03-17 13:08:24 0 d-----w- c:\program files\AutoStreamer
2010-03-16 18:18:18 0 d-----w- c:\windows\tmp
2010-03-13 01:36:28 0 d--h--w- c:\windows\PIF
2010-03-12 03:27:46 0 d-----w- c:\docume~1\steven\applic~1\Symantec
2010-03-12 03:22:42 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-12 03:22:42 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-03-12 03:22:35 0 d-----w- c:\program files\Symantec
2010-03-12 03:20:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2010-03-12 03:20:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-03-12 03:20:18 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-03-12 03:19:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-03-12 03:19:27 0 d-----w- c:\docume~1\alluse~1\applic~1\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-03-11 20:06:42 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-03-11 20:06:25 0 d-----w- c:\program files\NVIDIA Corporation
2010-03-10 19:04:19 1885536 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-03-10 19:04:19 1024 ----a-w- c:\windows\system32\AutoPartNt.let
2010-03-10 18:53:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Seagate
2010-03-10 18:53:29 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-03-10 18:53:29 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-03-10 18:53:21 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-03-10 18:53:18 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-03-08 23:43:38 2048 ----a-w- C:\w2ksect.bin
2010-03-08 22:48:53 9662 ----a-w- c:\windows\EPISME00.SWB
2010-03-08 10:47:46 0 d---a-w- C:\$AutoStreamer$
2010-03-07 16:08:33 0 d-----w- C:\symbols
2010-03-07 14:55:02 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2010-03-07 14:55:02 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-03-07 14:55:02 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-03-07 14:55:02 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2010-03-07 14:55:02 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2010-03-07 14:55:02 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-03-07 14:55:02 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2010-03-07 14:55:02 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-03-07 14:55:02 13952 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2010-03-07 14:55:02 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-03-07 14:55:02 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-03-07 14:55:02 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-03-07 14:53:33 1891 ----a-w- c:\windows\imsins.BAK
2010-03-07 14:53:32 90624 -c--a-w- c:\windows\system32\dllcache\muisetup.exe
2010-03-07 14:52:08 3932160 ----a-w- c:\windows\debugpack.cmp
2010-03-07 13:38:50 986 ----a-w- c:\windows\system32\Compress.res
2010-03-07 12:48:45 0 d-----w- c:\program files\Reimage
2010-03-06 19:29:13 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2010-03-07 14:38:12 897024 ----a-w- c:\windows\system32\wmspdmoe.dll
2010-03-07 14:36:34 6656 ----a-w- c:\windows\system32\laprxy.dll
2010-03-07 14:36:34 29696 ----a-w- c:\windows\system32\mimefilt.dll
2010-03-07 14:36:34 103936 ----a-w- c:\windows\system32\logagent.exe
2010-03-07 14:36:14 695808 ----a-w- c:\windows\system32\drmv2clt.dll
2010-03-07 14:36:14 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-07 14:36:13 87040 ----a-w- c:\windows\system32\drmstor.dll
2010-03-07 14:36:13 299520 ----a-w- c:\windows\system32\drmclien.dll
2010-03-07 14:36:09 286720 ----a-w- c:\windows\system32\blackbox.dll
2010-03-07 14:36:09 159232 ----a-w- c:\windows\system32\cewmdm.dll
2010-03-07 13:55:07 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2010-03-07 13:55:02 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2010-03-06 20:27:19 90112 ----a-w- c:\windows\DUMPb7a2.tmp
2010-03-02 23:58:34 3172 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-12 03:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-07 16:47:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009120720091208\index.dat

============= FINISH: 8:12:26.29 ===============


#8 jpshortstuff

Posted 21 March 2010 - 07:46 AM

Hi,

Your logs look great.

Click Start >> Run, and then type ComboFix /Uninstall and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.


Now that your system appears to be clean, there are just a few steps I'd like you to take to prevent any future infections.
  • You appear to be without any AntiVirus software. If this is the case, I strongly recommend you install some, since it is essential to keeping your computer secure. A few free ones that I recommend are Avast!, Avira and AVG.

  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#9 nevetsx

Posted 21 March 2010 - 08:17 AM

Problems seem to be gone. Again, thank you so much for your help.

#10 jpshortstuff

Posted 21 March 2010 - 08:28 AM

No worries, thank you for your kind donation.

This topic will now be closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.