Firefox Google search redirects


  • This topic is locked
23 replies to this topic

#1 thedelwanderer

thedelwanderer

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 27 February 2011 - 03:44 PM

Hello BC Forums,

A few days ago, Google searches via Firefox were hijacked on my machine. This issue does not affect Chrome (yay), and I never use IE so I haven't bothered testing it out there.
With any given Google search, some or all of the resultant links will redirect to unwanted sites, including tazinga.com. This hijack is not reliably reproducible between searches (so searching for "Dragon Age" may yield 1 infected link, but which link this is changes from search to search), though it does appear somewhat reproducible within searches (so if an infected link is produced by searching for "Dragon Age", clicking that link multiple times without reloading the page will redirect to the same site). Initially, I noticed that infected links would display an incorrect link in Firefox Status Bar at the bottom of the page (so dragonage.wikia.com would display as something along the lines of google.com/?...[long string of characters]). This is no longer the case - all links show up in the Status Bar correctly, but may or may not be infected.

I have run the following programmes in an attempt to cleanse my computer:
- Malwarebytes' Anti-Malware
- SpyBot Search & Destroy
- SUPERAntiSpyware
Each has found a number of suspicious entries (mostly tracking cookies), but none have resolved the redirect issue.

I attempted to run DDS.scr (both in normal and Safe mode, with Avast! anti-script modules disabled), but in all cases my system froze after about 5 minutes and a hard reboot was necessary. I have instead replaced the DDS reports (dds.txt and attach.txt) with RSIT reports (pasted here, and info.txt), which ran without a problem.

Thanks! Any help will of course be much appreciated. Here are the reports (RSIT & GMER, I also have a HijackThis report available if needed):

========================

Logfile of random's system information tool 1.08 (written by random/random)
Run by Delos at 2011-02-27 14:35:17
Microsoft Windows 7 Professional
System drive C: has 16 GB (23%) free of 70 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:35:20 PM, on 27/02/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Software\Mouse Drivers\SetPoint\SetPointP\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Delos\Audio\Players\Winamp\winampa.exe
D:\Software\Security\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Delos\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Delos\Desktop\Roots\RSIT.exe
C:\Program Files\trend micro\Delos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Software\Security\Spybot\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Software\Java\plugin\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EvtMgr6] D:\Software\Mouse Drivers\SetPoint\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Software\PDF\Adobe\Acrobat\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Delos\Audio\Players\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast5] "D:\Software\Security\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Google Update] "C:\Users\Delos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ashDisp.exe.lnk = D:\Software\Security\Avast\ashDisp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Software\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Software\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Security\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Security\Spybot\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Software\Security\Avast\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Software\Security\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - D:\Software\Security\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Software\Security\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Software\Security\Avast5\AvastSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Software\Security\Spybot\SDWinSec.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5836 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4039312336-2905830941-3446957082-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4039312336-2905830941-3446957082-1000UA.job
C:\Windows\tasks\Ubhwn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Software\Security\Spybot\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - D:\Software\Java\plugin\bin\jp2ssv.dll [2011-02-02 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-11 30192]
"EvtMgr6"=D:\Software\Mouse Drivers\SetPoint\SetPointP\SetPoint.exe [2010-06-25 1311312]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-03 98304]
""= []
"Adobe Reader Speed Launcher"=D:\Software\PDF\Adobe\Acrobat\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"WinampAgent"=D:\Delos\Audio\Players\Winamp\winampa.exe [2010-12-09 74752]
"avast5"=D:\Software\Security\Avast5\avastUI.exe [2010-09-07 2838912]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Delos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Software\Security\Spybot\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Delos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
D:\Software\Burning\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

C:\Users\Delos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ashDisp.exe.lnk - D:\Software\Security\Avast\ashDisp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-05-06 64592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-27 14:30:42 ----D---- C:\rsit
2011-02-27 14:30:42 ----D---- C:\Program Files\trend micro
2011-02-26 20:52:29 ----D---- C:\Users\Delos\AppData\Roaming\SUPERAntiSpyware.com
2011-02-26 20:52:29 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-02-26 10:01:01 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2011-02-26 10:01:01 ----A---- C:\Windows\system32\drivers\sdbus.sys
2011-02-26 10:00:59 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2011-02-26 10:00:58 ----A---- C:\Windows\system32\drivers\ks.sys
2011-02-26 10:00:29 ----A---- C:\Windows\system32\kerberos.dll
2011-02-26 10:00:28 ----A---- C:\Windows\system32\atmlib.dll
2011-02-26 10:00:28 ----A---- C:\Windows\system32\atmfd.dll
2011-02-26 10:00:26 ----A---- C:\Windows\system32\wmp.dll
2011-02-26 10:00:24 ----A---- C:\Windows\system32\wmploc.DLL
2011-02-26 10:00:22 ----A---- C:\Windows\system32\mshtml.dll
2011-02-26 10:00:21 ----A---- C:\Windows\system32\ieframe.dll
2011-02-26 10:00:19 ----A---- C:\Windows\system32\urlmon.dll
2011-02-26 10:00:18 ----A---- C:\Windows\system32\wininet.dll
2011-02-26 10:00:18 ----A---- C:\Windows\system32\mstime.dll
2011-02-26 10:00:18 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-26 10:00:18 ----A---- C:\Windows\system32\iertutil.dll
2011-02-26 10:00:18 ----A---- C:\Windows\system32\iepeers.dll
2011-02-26 10:00:18 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-26 10:00:17 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-26 10:00:17 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-26 10:00:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-26 10:00:17 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-26 10:00:17 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-26 10:00:17 ----A---- C:\Windows\system32\ieui.dll
2011-02-26 10:00:10 ----A---- C:\Windows\system32\mfc40u.dll
2011-02-26 10:00:10 ----A---- C:\Windows\system32\mfc40.dll
2011-02-26 10:00:09 ----A---- C:\Windows\system32\odbc32.dll
2011-02-26 10:00:00 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-02-26 10:00:00 ----A---- C:\Windows\system32\taskschd.dll
2011-02-26 10:00:00 ----A---- C:\Windows\system32\taskeng.exe
2011-02-26 10:00:00 ----A---- C:\Windows\system32\taskcomp.dll
2011-02-26 10:00:00 ----A---- C:\Windows\system32\schtasks.exe
2011-02-26 10:00:00 ----A---- C:\Windows\system32\schedsvc.dll
2011-02-26 09:59:59 ----A---- C:\Windows\system32\spoolsv.exe
2011-02-26 09:59:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-26 09:59:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-26 09:59:58 ----A---- C:\Windows\system32\ntdll.dll
2011-02-26 09:59:53 ----A---- C:\Windows\system32\ole32.dll
2011-02-26 09:59:52 ----A---- C:\Windows\system32\win32k.sys
2011-02-26 09:59:50 ----A---- C:\Windows\system32\comctl32.dll
2011-02-26 09:59:47 ----A---- C:\Windows\system32\tzres.dll
2011-02-26 09:59:39 ----A---- C:\Windows\system32\schannel.dll
2011-02-26 09:59:38 ----A---- C:\Windows\system32\webio.dll
2011-02-26 09:59:37 ----A---- C:\Windows\system32\t2embed.dll
2011-02-26 09:59:36 ----A---- C:\Windows\system32\vbscript.dll
2011-02-26 09:59:36 ----A---- C:\Windows\system32\jscript.dll
2011-02-26 09:59:35 ----A---- C:\Windows\system32\wmpmde.dll
2011-02-26 09:58:14 ----A---- C:\Windows\system32\consent.exe
2011-02-26 09:55:34 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-02-26 09:35:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-02-25 23:17:30 ----A---- C:\TDSSKiller.2.4.18.0_25.02.2011_23.17.30_log.txt
2011-02-21 12:36:12 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-02-21 12:25:26 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-02-21 12:25:18 ----D---- C:\Program Files\Adobe
2011-02-21 12:02:30 ----RASH---- C:\Windows\system32\vdsutil1.dll
2011-02-19 13:30:06 ----D---- C:\Program Files\Common Files\Java
2011-02-19 13:29:54 ----A---- C:\Windows\system32\javaws.exe
2011-02-19 13:29:54 ----A---- C:\Windows\system32\javaw.exe
2011-02-19 13:29:54 ----A---- C:\Windows\system32\java.exe
2011-02-15 17:34:25 ----A---- C:\Windows\system32\pdfcmnnt.dll
2011-02-15 17:34:24 ----A---- C:\Windows\system32\MSMPIDE.DLL
2011-02-07 17:25:57 ----A---- C:\Windows\system32\drivers\athr.sys
2011-02-07 17:24:13 ----D---- C:\Program Files\Wireless Console 2
2011-02-07 17:16:54 ----D---- C:\Users\Delos\AppData\Roaming\Download Manager
2011-01-29 22:07:28 ----D---- C:\Users\Delos\AppData\Roaming\inkscape

======List of files/folders modified in the last 1 months======

2011-02-27 14:30:58 ----D---- C:\Windows\Prefetch
2011-02-27 14:30:42 ----RD---- C:\Program Files
2011-02-27 14:29:41 ----D---- C:\Windows\Temp
2011-02-27 14:23:35 ----D---- C:\Windows\system32\catroot2
2011-02-27 13:31:36 ----A---- C:\Windows\ntbtlog.txt
2011-02-27 12:08:32 ----D---- C:\Windows\system32\NDF
2011-02-26 20:52:29 ----HD---- C:\ProgramData
2011-02-26 18:01:05 ----D---- C:\Windows\system32\drivers
2011-02-26 18:01:05 ----D---- C:\Windows\Resources
2011-02-26 14:31:16 ----D---- C:\Windows\rescache
2011-02-26 10:41:09 ----RSD---- C:\Windows\assembly
2011-02-26 10:41:09 ----D---- C:\Windows\Microsoft.NET
2011-02-26 10:21:50 ----D---- C:\Windows\system32\config
2011-02-26 10:12:21 ----D---- C:\Windows\System32
2011-02-26 10:12:21 ----D---- C:\Windows\inf
2011-02-26 10:12:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-26 10:08:37 ----D---- C:\Windows
2011-02-26 10:08:20 ----D---- C:\Windows\winsxs
2011-02-26 10:05:15 ----D---- C:\Windows\system32\migration
2011-02-26 10:05:15 ----D---- C:\Windows\system32\en-US
2011-02-26 10:05:15 ----D---- C:\Program Files\Windows Media Player
2011-02-26 10:05:15 ----D---- C:\Program Files\Windows Mail
2011-02-26 10:05:15 ----D---- C:\Program Files\Internet Explorer
2011-02-26 10:05:14 ----D---- C:\Windows\system32\DriverStore
2011-02-26 10:03:54 ----SHD---- C:\Windows\Installer
2011-02-26 10:03:53 ----SHD---- C:\Config.Msi
2011-02-26 10:01:03 ----D---- C:\Windows\system32\catroot
2011-02-26 09:20:17 ----D---- C:\Windows\Minidump
2011-02-25 20:33:47 ----D---- C:\Windows\system32\drivers\etc
2011-02-22 10:50:11 ----D---- C:\Windows\system32\Tasks
2011-02-22 10:49:32 ----D---- C:\ProgramData\Adobe
2011-02-22 10:38:57 ----RSD---- C:\Windows\Fonts
2011-02-21 21:01:46 ----SHD---- C:\System Volume Information
2011-02-21 17:23:02 ----D---- C:\Program Files\Common Files\Adobe
2011-02-21 15:53:53 ----D---- C:\Users\Delos\AppData\Roaming\Adobe
2011-02-21 12:25:26 ----D---- C:\Program Files\Common Files
2011-02-21 12:02:30 ----D---- C:\Windows\Tasks
2011-02-20 15:08:43 ----D---- C:\Users\Delos\AppData\Roaming\uTorrent
2011-02-16 16:58:45 ----D---- C:\Users\Delos\AppData\Roaming\Mozilla
2011-02-15 17:25:06 ----D---- C:\Users\Delos\AppData\Roaming\gtk-2.0
2011-02-13 23:52:44 ----D---- C:\Users\Delos\AppData\Roaming\Dropbox
2011-02-13 15:44:21 ----D---- C:\Users\Delos\AppData\Roaming\Canon
2011-02-07 17:24:13 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-07 00:00:07 ----D---- C:\Users\Delos\AppData\Roaming\skypePM
2011-02-06 11:56:14 ----D---- C:\Users\Delos\AppData\Roaming\Skype
2011-02-05 21:07:14 ----D---- C:\Users\Delos\AppData\Roaming\vlc
2011-02-05 11:10:29 ----D---- C:\Users\Delos\AppData\Roaming\jazzconfig
2011-02-04 17:34:02 ----A---- C:\Windows\system32\MRT.exe
2011-02-02 21:40:23 ----A---- C:\Windows\system32\deployJava1.dll
2011-02-02 18:30:14 ----SD---- C:\Users\Delos\AppData\Roaming\Microsoft
2011-01-31 21:43:21 ----A---- C:\Windows\kgt2k.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2010-09-07 190416]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2010-09-07 99792]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2010-09-07 340048]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R1 SASDIFSV;SASDIFSV; \??\D:\Software\Security\SAS\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\D:\Software\Security\SAS\SASKUTIL.SYS [2010-05-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-03 6096384]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-03 214016]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-03-02 1263104]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-03-18 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-03-18 37328]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-13 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-09 84992]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-03 6096384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-13 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-13 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-13 58880]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 129536]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2010-06-16 75776]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]
S3 zwvxrevolutionfilter;zwvxrevolutionfilter; C:\Windows\system32\drivers\zwvxrevolutionfilter.sys [2010-09-11 8192]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-03 176128]
R2 avast! Antivirus;avast! Antivirus; D:\Software\Security\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 avast! Firewall;avast! Firewall; D:\Software\Security\Avast5\afwServ.exe [2010-09-07 119200]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Software\Security\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\Software\Security\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 aswUpdSv;avast! iAVS4 Control Service; D:\Software\Security\Avast\aswUpdSv.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SBSDWSCService;SBSD Security Center Service; D:\Software\Security\Spybot\SDWinSec.exe [2009-01-26 1153368]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-11 30192]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 293456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Attached Files

  • Attached File  info.txt   17.33KB   1 downloads
  • Attached File  ark.txt   31.02KB   1 downloads




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:42 PM

Posted 27 February 2011 - 06:17 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 thedelwanderer


Posted 27 February 2011 - 11:41 PM

Hi Gringo,

Thanks for the reply. I have attempted to run Combofix but so far no luck. In both normal and Safe modes, I've left the programme to run for ~30 mins (with nothing else open) sometime during which the system hangs. I am running avast! 5.0 (on Win7Pro32bit), and have manually disabled all real-time scanners while attempting to run Combofix. This looks like the same problem I was having when trying to run dds.scr earlier on today. Any suggestions?

#4 gringo_pr


Posted 28 February 2011 - 08:30 AM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#5 thedelwanderer

Posted 28 February 2011 - 07:44 PM

Hmm...no luck. I tried running Combofix in Safe Mode again, and once again after ~30 mins, the computer becomes unresponsive. Are there alternatives to Combofix that would give you the same info you'd need?

#6 gringo_pr

Posted 28 February 2011 - 08:27 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
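As an added example (not part of the original post and not TDSSKiller's own code), here is a small parser for triaging the report this step produces. It assumes scan lines of the form `date time thread-id ServiceName (md5) image-path`, reads the Windows directory from the report header, and lists drivers whose image resolves outside system32; the sample log, hashes and function names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample (not from a real machine), in the assumed line layout.
SAMPLE_LOG = r"""
2011/02/28 20:53:40.0932 4876 Windows directory: C:\Windows
2011/02/28 20:53:43.0475 3500 Scan started
2011/02/28 20:53:46.0174 3500 ExampleAcpi (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\exacpi.sys
2011/02/28 20:53:56.0699 3500 ExampleLog (00000000000000000000000000000002) C:\Windows\System32\exlog.sys
2011/02/28 20:53:55.0965 3500 ExampleTmp (00000000000000000000000000000003) C:\Users\Example\AppData\Local\Temp\extmp.sys
2011/02/28 20:54:12.0360 3500 ExampleAV (00000000000000000000000000000004) D:\Tools\ExampleAV\exav.sys
2011/02/28 20:54:13.0031 3500 ExampleDots (00000000000000000000000000000005) C:\Windows\system32\drivers\..\..\..\Users\Public\exdots.sys
"""


class Driver(NamedTuple):
    service: str
    md5: str
    path: str


# Timestamp and thread id prefix, then the message.
_LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ (.*)$")
# "ServiceName (32-hex-digit md5) image path"
_DRIVER = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# Anchored at the start, so "System windows directory:" does not match.
_WINDIR = re.compile(r"^Windows directory: (.+)$")

# Path components that ordinary user accounts can usually write to.
USER_WRITABLE = {"temp", "appdata", "users"}


def _canon(path: str) -> str:
    """Collapse '..' segments and fold case so prefix checks cannot be
    sidestepped by 'DRIVERS' vs 'drivers' or by directory traversal."""
    return ntpath.normcase(ntpath.normpath(path))


def parse_log(text: str) -> Tuple[Optional[str], List[Driver]]:
    """Return (Windows directory from the header, list of scanned drivers)."""
    windir = None
    drivers = []
    for raw in text.splitlines():
        line = _LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()
        header = _WINDIR.match(msg)
        if header:
            windir = header.group(1).strip()
            continue
        entry = _DRIVER.match(msg)
        if entry:
            drivers.append(Driver(entry.group(1), entry.group(2).lower(),
                                  entry.group(3).strip()))
    return windir, drivers


def classify(driver: Driver, windir: str) -> Optional[str]:
    """Return a reason to review this driver, or None if it sits in system32."""
    path = _canon(driver.path)
    system32 = _canon(ntpath.join(windir, "system32")) + "\\"
    if path.startswith(system32):
        return None
    if any(part in USER_WRITABLE for part in path.split("\\")):
        return "user-writable location"
    return "outside system32"


def triage(text: str) -> List[Tuple[str, str, str]]:
    """List (service, canonical path, reason) for every driver worth a look.

    A hit is a reason to look, not a verdict: security tools often load
    their own drivers from an install or temp directory.
    """
    windir, drivers = parse_log(text)
    windir = windir or r"C:\Windows"  # assumption when the header is missing
    findings = []
    for drv in drivers:
        reason = classify(drv, windir)
        if reason:
            findings.append((drv.service, _canon(drv.path), reason))
    return findings


if __name__ == "__main__":
    for service, path, reason in triage(SAMPLE_LOG):
        print(f"{service:12} {reason:24} {path}")
```

The last sample line shows why the path is normalized before the prefix check: as written it begins with `C:\Windows\system32\drivers`, but it resolves to a file under `C:\Users\Public`.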

#7 thedelwanderer

Posted 28 February 2011 - 08:55 PM

No infections found. Report copy-pasta'd here:

==============

2011/02/28 20:53:40.0792 4876 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/28 20:53:40.0932 4876 ================================================================================
2011/02/28 20:53:40.0932 4876 SystemInfo:
2011/02/28 20:53:40.0932 4876
2011/02/28 20:53:40.0932 4876 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/28 20:53:40.0932 4876 Product type: Workstation
2011/02/28 20:53:40.0932 4876 ComputerName: DELOS-LAPTOP
2011/02/28 20:53:40.0932 4876 UserName: Delos
2011/02/28 20:53:40.0932 4876 Windows directory: C:\Windows
2011/02/28 20:53:40.0932 4876 System windows directory: C:\Windows
2011/02/28 20:53:40.0932 4876 Processor architecture: Intel x86
2011/02/28 20:53:40.0932 4876 Number of processors: 2
2011/02/28 20:53:40.0932 4876 Page size: 0x1000
2011/02/28 20:53:40.0932 4876 Boot type: Normal boot
2011/02/28 20:53:40.0932 4876 ================================================================================
2011/02/28 20:53:42.0196 4876 Initialize success
2011/02/28 20:53:43.0475 3500 ================================================================================
2011/02/28 20:53:43.0475 3500 Scan started
2011/02/28 20:53:43.0475 3500 Mode: Manual;
2011/02/28 20:53:43.0475 3500 ================================================================================
2011/02/28 20:54:19.0256 3500 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/02/28 20:54:19.0334 3500 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/28 20:54:19.0490 3500 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/28 20:54:19.0583 3500 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/02/28 20:54:19.0630 3500 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/02/28 20:54:19.0739 3500 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/28 20:54:19.0895 3500 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/28 20:54:19.0926 3500 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/28 20:54:20.0051 3500 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/02/28 20:54:20.0160 3500 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/28 20:54:20.0363 3500 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/28 20:54:20.0410 3500 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/02/28 20:54:20.0628 3500 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/28 20:54:20.0675 3500 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/28 20:54:20.0831 3500 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/28 20:54:20.0909 3500 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/02/28 20:54:20.0987 3500 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/28 20:54:21.0174 3500 zwvxrevolutionfilter (039d5a1c076df499f4abbfe52665166a) C:\Windows\system32\drivers\zwvxrevolutionfilter.sys
2011/02/28 20:54:21.0752 3500 ================================================================================
2011/02/28 20:54:21.0752 3500 Scan finished
2011/02/28 20:54:21.0752 3500 ================================================================================

#8 gringo_pr

Posted 28 February 2011 - 09:15 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


#9 thedelwanderer

Posted 28 February 2011 - 09:35 PM

OTL logfile created on: 2/28/2011 9:29:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Delos\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.13 Gb Total Space | 15.87 Gb Free Space | 23.29% Space Free | Partition Type: NTFS
Drive D: | 154.99 Gb Total Space | 54.42 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
Drive E: | 7.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 596.17 Gb Total Space | 260.50 Gb Free Space | 43.70% Space Free | Partition Type: NTFS

Computer Name: DELOS-LAPTOP | User Name: Delos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Delos\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Delos\Audio\Players\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - D:\Delos\Audio\Players\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - D:\Software\Security\Avast5\AvastUI.exe (AVAST Software)
PRC - D:\Software\Security\Avast5\AvastSvc.exe (AVAST Software)
PRC - D:\Software\Security\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - D:\Software\Mouse Drivers\SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Software\Security\Spybot\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Delos\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (aswUpdSv) -- File not found
SRV - (avast! Web Scanner) -- D:\Software\Security\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- D:\Software\Security\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- D:\Software\Security\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- D:\Software\Security\Avast5\afwServ.exe (AVAST Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- D:\Software\Security\Spybot\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Delos\AppData\Local\Temp\catchme.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (zwvxrevolutionfilter) -- C:\Windows\System32\drivers\zwvxrevolutionfilter.sys ()
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswNdis) -- C:\Windows\system32\DRIVERS\aswNdis.sys (ALWIL Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (SASKUTIL) -- D:\Software\Security\SAS\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SASDIFSV) -- D:\Software\Security\SAS\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ASUS)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 57 17 15 D3 90 CB 01 [binary data]
IE - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "news.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..extensions.enabledItems: facebookBlocker@webgraph.com:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {992791ee-61dc-7b98-a8fd-dc49b7deeee9}:3.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Software\Firefox\components [2011/02/26 10:21:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Software\Firefox\plugins [2011/02/26 10:21:23 | 000,000,000 | ---D | M]

[2010/09/10 21:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delos\AppData\Roaming\Mozilla\Extensions
[2011/02/28 17:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions
[2011/02/03 17:58:33 | 000,000,000 | ---D | M] (TryAgain) -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\{992791ee-61dc-7b98-a8fd-dc49b7deeee9}
[2010/12/24 00:28:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/08 21:52:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/13 18:14:17 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2011/02/23 16:14:20 | 000,000,000 | ---D | M] ("Exif Viewer") -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\exif_viewer@mozilla.doslash.org
[2010/10/26 06:02:02 | 000,000,000 | ---D | M] ("FacebookBlocker") -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\facebookBlocker@webgraph.com
[2011/02/25 07:19:31 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\firefox@ghostery.com
[2011/01/09 22:53:10 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\firegestures@xuldev.org
[2011/02/12 11:29:07 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Delos\AppData\Roaming\Mozilla\Firefox\Profiles\mdk8eoz8.default\extensions\https-everywhere@eff.org
[2008/10/13 18:06:02 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/19 19:38:36 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/11 20:50:22 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 18:25:28 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/25 15:52:14 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/17 19:56:31 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/23 19:47:25 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/11 12:22:12 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/02 17:48:02 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 11:34:11 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 12:43:02 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 13:29:56 | 000,000,000 | ---D | M] (Java Console) -- D:\SOFTWARE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/02/21 12:14:04 | 000,000,852 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Software\Security\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Software\Java\plugin\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Software\PDF\Adobe\Acrobat\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] D:\Software\Security\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EvtMgr6] D:\Software\Mouse Drivers\SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] D:\Delos\Audio\Players\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Delos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ashDisp.exe.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Software\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Software\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Security\Spybot\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ed21d7b-3d82-11e0-a3af-002215431502}\Shell - "" = AutoRun
O33 - MountPoints2\{6ed21d7b-3d82-11e0-a3af-002215431502}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 21:27:49 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Delos\Desktop\OTL.exe
[2011/02/28 19:09:38 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/28 19:09:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/27 22:33:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/27 22:33:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/27 22:33:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/27 22:33:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/27 22:31:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/27 14:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/02/27 14:20:18 | 000,000,000 | ---D | C] -- C:\Users\Delos\Desktop\Roots
[2011/02/26 20:52:29 | 000,000,000 | ---D | C] -- C:\Users\Delos\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/26 20:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/26 10:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/26 10:00:58 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/02/26 10:00:28 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/26 10:00:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/26 10:00:24 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/02/26 10:00:18 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/26 10:00:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/26 10:00:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/26 10:00:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/26 10:00:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/26 10:00:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/26 10:00:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/26 10:00:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/26 10:00:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/26 10:00:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/26 10:00:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/26 10:00:10 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/02/26 10:00:10 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/02/26 10:00:09 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/26 10:00:00 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/26 10:00:00 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/26 10:00:00 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/26 10:00:00 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/02/26 09:59:58 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/26 09:59:58 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/26 09:59:52 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/26 09:59:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/26 09:59:38 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/02/26 09:59:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/02/26 09:59:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/26 09:59:36 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/26 09:59:35 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/02/26 09:58:14 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/26 09:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/21 12:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/02/21 12:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/21 12:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/02/19 13:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/19 13:29:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/19 13:29:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/19 13:29:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/15 17:34:25 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2011/02/15 17:34:25 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011/02/15 17:34:25 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011/02/15 17:34:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011/02/07 17:25:57 | 001,263,104 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/02/07 17:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wireless Console 2
[2011/02/07 17:16:54 | 000,000,000 | ---D | C] -- C:\Users\Delos\AppData\Roaming\Download Manager
[2011/01/29 22:07:28 | 000,000,000 | ---D | C] -- C:\Users\Delos\AppData\Roaming\inkscape

========== Files - Modified Within 30 Days ==========

[2011/02/28 21:27:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Delos\Desktop\OTL.exe
[2011/02/28 21:07:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4039312336-2905830941-3446957082-1000UA.job
[2011/02/28 19:48:47 | 000,016,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 19:48:47 | 000,016,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 19:41:38 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\Ubhwn.job
[2011/02/28 19:41:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/28 19:41:02 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/27 22:28:43 | 004,276,140 | R--- | M] () -- C:\Users\Delos\Desktop\ComboFix.exe
[2011/02/27 15:55:26 | 000,659,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/27 15:55:26 | 000,122,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/27 14:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Delos\defogger_reenable
[2011/02/26 10:21:25 | 000,000,713 | ---- | M] () -- C:\Users\Delos\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/26 10:08:21 | 003,765,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/24 10:00:53 | 000,089,579 | ---- | M] () -- C:\Users\Delos\Desktop\2010 - Christakis - Role of the interview in admissions.pdf
[2011/02/21 12:14:04 | 000,000,852 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/21 12:02:30 | 000,052,224 | RHS- | M] () -- C:\Windows\System32\vdsutil1.dll
[2011/02/15 17:34:46 | 000,029,509 | ---- | M] () -- C:\Users\Delos\.recently-used.xbel
[2011/02/15 07:07:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4039312336-2905830941-3446957082-1000Core.job
[2011/02/02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/01/31 21:43:21 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2011/01/31 20:15:44 | 000,007,597 | ---- | M] () -- C:\Users\Delos\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2011/02/27 22:33:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/27 22:33:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/27 22:33:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/27 22:33:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/27 22:33:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/27 22:28:09 | 004,276,140 | R--- | C] () -- C:\Users\Delos\Desktop\ComboFix.exe
[2011/02/27 14:20:51 | 000,000,000 | ---- | C] () -- C:\Users\Delos\defogger_reenable
[2011/02/26 10:21:25 | 000,000,713 | ---- | C] () -- C:\Users\Delos\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/24 10:01:23 | 000,089,579 | ---- | C] () -- C:\Users\Delos\Desktop\2010 - Christakis - Role of the interview in admissions.pdf
[2011/02/21 13:03:14 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS5.lnk
[2011/02/21 12:02:30 | 000,052,224 | RHS- | C] () -- C:\Windows\System32\vdsutil1.dll
[2011/02/21 12:02:30 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\Ubhwn.job
[2011/02/15 17:34:46 | 000,029,509 | ---- | C] () -- C:\Users\Delos\.recently-used.xbel
[2011/02/15 17:34:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/02/08 20:14:16 | 000,001,276 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakGDS.lnk
[2011/01/23 10:20:39 | 000,000,173 | ---- | C] () -- C:\Users\Delos\AppData\Local\msmathematics.qat.Delos
[2010/12/31 12:19:33 | 000,758,272 | ---- | C] () -- C:\Windows\System32\RGSS104E.dll
[2010/12/31 12:19:32 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2010/12/31 12:19:32 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2010/12/31 12:19:32 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2010/12/31 12:19:32 | 000,761,856 | ---- | C] () -- C:\Windows\System32\RGSS104J.dll
[2010/12/31 12:19:32 | 000,685,056 | ---- | C] () -- C:\Windows\System32\RGSS103J.dll
[2010/12/24 22:31:14 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2010/11/17 22:09:30 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/11/11 18:54:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/06 21:35:12 | 000,000,266 | ---- | C] () -- C:\Users\Delos\AppData\Roaming\turing_files.ini
[2010/11/06 21:34:31 | 000,000,096 | ---- | C] () -- C:\Users\Delos\AppData\Roaming\turing.ini
[2010/09/16 22:52:38 | 000,007,597 | ---- | C] () -- C:\Users\Delos\AppData\Local\Resmon.ResmonCfg
[2010/09/12 16:24:18 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/09/11 10:17:08 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\zwvxrevolutionfilter.sys
[2010/09/11 00:10:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/16 08:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 17:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/12/02 18:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,765,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,659,958 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,122,860 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 16:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 19:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

< End of report >

#10 thedelwanderer

  • Topic Starter

Posted 02 March 2011 - 09:38 PM

Hi Gringo, just bumping this thread as you haven't replied in 48 hours. Thanks!

#11 gringo_pr

  • Malware Response Team

Posted 03 March 2011 - 03:09 PM

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-4039312336-2905830941-3446957082-1000..\Run: [AdobeBridge] File not found
    O4 - Startup: C:\Users\Delos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ashDisp.exe.lnk = File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{6ed21d7b-3d82-11e0-a3af-002215431502}\Shell - "" = AutoRun  
    [2011/02/28 19:41:38 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\Ubhwn.job
    [2011/02/21 12:02:30 | 000,052,224 | RHS- | C] () -- C:\Windows\System32\vdsutil1.dll
    [2010/09/11 00:10:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 thedelwanderer

  • Topic Starter

Posted 03 March 2011 - 05:16 PM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4039312336-2905830941-3446957082-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
C:\Users\Delos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ashDisp.exe.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ed21d7b-3d82-11e0-a3af-002215431502}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ed21d7b-3d82-11e0-a3af-002215431502}\ not found.
C:\Windows\Tasks\Ubhwn.job moved successfully.
C:\Windows\System32\vdsutil1.dll moved successfully.
C:\Windows\ativpsrm.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Delos\Desktop\Roots\cmd.bat deleted successfully.
C:\Users\Delos\Desktop\Roots\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Delos
->Temp folder emptied: 13454686 bytes
->Temporary Internet Files folder emptied: 6258855 bytes
->Java cache emptied: 646429 bytes
->FireFox cache emptied: 81431646 bytes
->Google Chrome cache emptied: 233660835 bytes
->Flash cache emptied: 1099108 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7819269 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 328.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Delos
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.2 log created on 03032011_171229

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#13 gringo_pr

  • Malware Response Team

Posted 03 March 2011 - 06:51 PM

Hello


How are the redirects at this time?


Gringo

#14 thedelwanderer

  • Topic Starter

Posted 03 March 2011 - 10:11 PM

Hi Gringo,

So far the issue seems resolved. As I mentioned initially, it occurred fairly stochastically to begin with - I'll do some more testing over the next day and post back tomorrow to confirm that things are back to where they should be. What was it that OTL did that seems to have remedied the situation, and what can I do to prevent this in the future?

#15 gringo_pr

  • Malware Response Team

Posted 04 March 2011 - 05:00 AM

I'd like to see if ComboFix will run now. Can you try and run it for me, please?


gringo