Google Redirect Problem


  • This topic is locked
18 replies to this topic

#1 ZainulAbideen


Posted 17 June 2011 - 03:54 PM

Hi,
I have noticed that while using Google, clicking on links leads to being redirected to unrelated suspicious pages. Rogers anti-virus program showed a virus "Gen:Variant.kazy.9095". I need help to clean my computer.
I've already done the following:

1= CD Emulation drivers are disabled
2= Logs from DDS are being posted

DDS TXT
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Windows at 16:37:25 on 2011-06-17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.491 [GMT -4:00]
.
AV: Rogers Online Protection Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: Rogers Online Protection Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Rogers Online Protection Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Rogers Online Protection\Rogers Online Protection\PrtlAgt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
mURLSearchHooks: H - No File
mURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [cdloader] "c:\users\windows\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NBHGui] c:\program files\nero\tools\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\tools\incd\InCD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TaskTray]
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Rogers SHS] c:\program files\rogers\selfhealing\shs.exe
mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\windows\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\pixela\everio mediabrowser 3\MBCameraMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\windows\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\windows\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vjage.com/download/vjocx-en.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F4E7CE73-F1C4-4BC7-8578-8B87B8F5D92A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F4E7CE73-F1C4-4BC7-8578-8B87B8F5D92A}\443374E4F53535944403 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F4E7CE73-F1C4-4BC7-8578-8B87B8F5D92A}\D4F6F6E6 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\toolbar@alot.com\components\AlotXpcom.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: ALOT Toolbar: toolbar@alot.com - %profile%\extensions\toolbar@alot.com
FF - Ext: XULRunner: {51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B} - c:\users\windows\appdata\local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}
.
---- FIREFOX POLICIES ----
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.accept-encoding -
.
============= SERVICES / DRIVERS ===============
.
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-6-4 25608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\tools\incd\NBHRegInCDSrv.exe [2009-10-16 53560]
R2 Radialpoint Security Services;Rogers Online Protection;c:\program files\rogers online protection\rogers online protection\RpsSecurityAwareR.exe [2010-6-7 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\rogers online protection\rogers online protection\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-6-4 5832712]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2010-1-19 139264]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2009-11-9 169936]
R2 ServicepointService;ServicepointService;c:\program files\rogers online protection\rogers servicepoint agent\ServicepointService.exe [2011-6-4 689464]
R2 VaultClientSRV;Rogers Backup Manager Service;c:\program files\rogers backup manager\VaultClientSRV.exe [2010-6-7 1053936]
R2 VaultClientUpgrade;Rogers Backup Manager Upgrade Service;c:\program files\rogers backup manager\VaultClientUpgrade.exe [2010-6-7 120048]
R3 arusb_win7;Service For TP-LINK Wireless N Adapter;c:\windows\system32\drivers\arusb_win7.sys [2011-4-17 612352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-24 22712]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\rogers online protection\rogers online protection\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-6-4 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\rogers online protection\rogers online protection\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-6-4 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\rogers online protection\rogers online protection\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-6-4 21208]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-4-17 197224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-24 366640]
S3 arusb_lh;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\drivers\arusb_lh.sys [2010-4-16 437760]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-7-7 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-5-27 13224]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-6-2 152064]
.
=============== Created Last 30 ================
.
2011-06-15 03:40:53 -------- d-----w- c:\program files\iPod
2011-06-15 03:40:52 -------- d-----w- c:\program files\iTunes
2011-06-05 00:44:16 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-06-05 00:44:03 -------- d-----w- c:\program files\Rogers Backup Manager
2011-06-05 00:43:40 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-06-05 00:43:30 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-06-05 00:43:22 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-06-05 00:43:07 -------- d-----w- c:\program files\Raxco
2011-06-05 00:38:23 -------- d-----w- c:\users\windows\appdata\roaming\Rogers Online Protection
2011-06-05 00:38:23 -------- d-----w- c:\programdata\Radialpoint
2011-06-05 00:38:21 -------- d-----w- c:\programdata\Rogers Online Protection
2011-06-05 00:38:21 -------- d-----w- c:\program files\Rogers Online Protection
2011-06-05 00:16:07 2205064 ----a-w- c:\programdata\shs_setup_4059-354328.exe
2011-06-05 00:04:14 -------- d-----w- c:\program files\Rogers
2011-06-03 16:32:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-06-03 16:31:16 -------- d-----w- c:\program files\SweetIM
2011-06-03 16:31:15 -------- d-----w- c:\programdata\SweetIM
2011-06-03 16:30:54 -------- d-----w- c:\program files\WhiteSmoke
2011-06-02 05:27:58 -------- d-----w- c:\programdata\Sony Ericsson
2011-06-02 05:27:58 -------- d-----w- c:\program files\Sony Ericsson
2011-06-01 03:57:48 -------- d-----w- c:\program files\Your Uninstaller! 7
2011-06-01 03:56:36 6302920 ----a-w- c:\program files\yu2011setupcnet7.3.2011.2.exe
2011-05-29 03:30:21 -------- d-----w- c:\users\windows\appdata\local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}
2011-05-29 01:10:46 -------- d-----w- c:\users\windows\appdata\local\{F2E5B13F-CA9B-4303-A51C-C935AE6599C3}
2011-05-29 01:10:12 -------- d-----w- c:\users\windows\appdata\local\{096DE62B-F8A1-4BD3-9B44-269D1FF8638C}
2011-05-27 20:53:18 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-27 20:53:18 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-27 20:53:18 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-05-24 04:03:50 -------- d-----w- c:\users\windows\appdata\local\{E4238E35-6905-4FE1-9491-8C8A3876B2BD}
2011-05-21 16:51:51 -------- d-----w- c:\users\windows\appdata\local\{1770C6D7-4D61-4263-B23E-0EB1B5E76237}
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 00:18:31 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-27 08:46:58 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2011-04-27 08:46:55 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-04-27 08:46:50 74752 ----a-w- c:\windows\system32\CLEyeDevices.dll
2011-04-27 08:39:26 1029000 ----a-w- c:\users\windows\SkypeSetup.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 19:33:48 3464104 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-04-06 14:15:36 952320 ----a-w- c:\windows\system32\RCoRes.dat
2011-03-31 20:49:14 4105832 ----a-w- c:\windows\system32\RtkAPO.dll
2011-03-31 20:49:14 2160744 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-03-24 20:03:18 70248 ----a-w- c:\windows\system32\RtkCoInst.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_ rev.GM3O -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x864076F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8640da10]; MOV EAX, [0x8640da8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x83047458] -> \Device\Harddisk0\DR0[0x863E7688]
3 CLASSPNP[0x8394A59E] -> ntkrnlpa!IofCallDriver[0x83047458] -> [0x861D1B50]
5 ACPI[0x838213B2] -> ntkrnlpa!IofCallDriver[0x83047458] -> \00000072[0x854F1C78]
\Driver\nvstor32[0x863E81E0] -> IRP_MJ_CREATE -> 0x864076F0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000072 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDP725032GLA#4&28799283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:40:05.56 ===============


Attach Txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2002 7:51:53 PM
System Uptime: 6/17/2011 4:30:22 PM (0 hours ago)
.
Motherboard: ACER | | MCP73VE
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | SOCKET775 M/B | 1602/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 77.779 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 56.837 GiB free.
E: is CDROM ()
J: is FIXED (NTFS) - 0 GiB total, 0.034 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F03\4&8CB234F&0
Manufacturer: Logitech
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F03\4&8CB234F&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP444: 6/4/2011 8:00:28 PM - Before uninstall WhiteSmoke
RP445: 6/4/2011 8:04:37 PM - Installed MSXML 6.0 Parser
RP446: 6/4/2011 8:16:08 PM - Installed MSXML 6.0 Parser
RP447: 6/4/2011 8:54:16 PM - avast! Free Antivirus Setup
RP448: 6/11/2011 12:21:42 AM - Installed MSXML 6.0 Parser
RP449: 6/11/2011 1:18:53 AM - Installed MSXML 6.0 Parser
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
Acrobat.com
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Advertising Center
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bonjour
CL-Eye Driver
CloneDVD2
D3DX10
DiskAid 4.53
DivX Setup
DolbyFiles
Driver Genius Professional Edition
Drivers Install For Linksys Easylink Advisor
DVD Shrink 3.2
erLT
Everio MediaBrowser 3
Free Studio version 5.0.8
Free Video to DVD Converter version 1.6
Free YouTube Download version 2.10.29
Free YouTube Uploader version 3.3.16.602
GIMP 2.6.11
ImagXpress
ImgBurn
iTunes
K-Lite Mega Codec Pack 4.1.7
Linksys EasyLink Advisor 1.6 (0032)
Logitech SetPoint 6.20
magicJack
magicJack Outlook Add-In 1.0.3.521
Malwarebytes' Anti-Malware version 1.51.0.1200
Menu Templates - Starter Kit
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Movie Templates - Starter Kit
Mozilla Firefox (3.6.13)
MSVCRT
Nero 9
Nero BurningROM
Nero BurningROM 10 Help (CHM)
Nero BurnRights
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InCD
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Update
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Control Panel 267.60
NVIDIA Drivers
NVIDIA Graphics Driver 267.60
NVIDIA Install Application
PerfectDisk 10 Professional
Power RM to MP3 Converter 1.5
QuickTime
Real Alternative 1.9.0 Lite
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Rogers Online Protection
Rogers Self Help Software 4059
Rogers Servicepoint Agent 3.7.44
Rogers Update Manager
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
RSH Home Networking Wizard
Safari
Skype™ 5.3
Sony Ericsson PC Companion 2.01.192
Sony Ericsson Update Service
SoundTrax
SPCA1528 PC Driver
SUPERAntiSpyware
SweetIM for Messenger 3.4
SweetIM Toolbar for Internet Explorer 4.1
The Rosetta Stone
The Sims Deluxe Edition
TL-WN821N Wireless Utility
TP-LINK Wireless Client Utility
TuneAid 3.76
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
VideoLAN VLC media player 0.8.6f
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
WinZip 15.0
Xilisoft DVD Ripper Platinum 5
Xilisoft Video Converter Ultimate 6
Xvid 1.2.1 final uninstall
Your Uninstaller! 2008 Version 6.0
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
6/17/2011 4:32:18 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/17/2011 4:31:30 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
6/17/2011 4:31:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
6/17/2011 4:31:16 PM, Error: Service Control Manager [7000] - The SPCA1528 Video Camera Service service failed to start due to the following error: The system cannot find the file specified.
6/17/2011 2:47:14 PM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
6/16/2011 9:57:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/16/2011 1:26:13 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/16/2011 1:24:13 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/16/2011 1:24:12 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
6/16/2011 1:24:12 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/15/2011 5:42:08 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume System.
6/15/2011 10:28:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/15/2011 10:26:17 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/14/2011 5:24:40 PM, Error: Service Control Manager [7034] - The Rogers Online Protection service terminated unexpectedly. It has done this 2 time(s).
6/14/2011 5:10:40 PM, Error: Service Control Manager [7034] - The Rogers Online Protection service terminated unexpectedly. It has done this 1 time(s).
6/14/2011 11:38:13 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
6/14/2011 11:37:13 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/14/2011 11:36:45 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/13/2011 4:50:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/13/2011 10:34:35 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
6/12/2011 4:54:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830fe2e1, 0x8ab1fb50, 0x8ab1f730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061211-30466-01.
6/12/2011 4:02:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x004d005c, 0x00000002, 0x00000001, 0x83030a72). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061211-35459-01.
6/11/2011 12:29:42 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.13 with the system having network hardware address 00-21-85-38-33-48. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:53 PM

Posted 22 June 2011 - 08:34 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

  • In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ZainulAbideen

ZainulAbideen
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oshawa
  • Local time:06:53 PM

Posted 22 June 2011 - 11:16 PM

Hello Gringo
Thanks for your help.

DDS.txt

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Windows at 23:57:37 on 2011-06-22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.524 [GMT -4:00]
.
AV: Rogers Online Protection Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: Rogers Online Protection Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Rogers Online Protection Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\Program Files\InterVideo\WinDVR\WinRemote.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\PrtlAgt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
mURLSearchHooks: H - No File
mURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [cdloader] "c:\users\windows\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NBHGui] c:\program files\nero\tools\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\tools\incd\InCD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TaskTray]
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Rogers SHS] c:\program files\rogers\selfhealing\shs.exe
mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WINSCHEDULER] c:\progra~1\interv~1\windvr\WINSCH~1.EXE
mRun: [WinRemote] "c:\program files\intervideo\windvr\WinRemote.exe"
mRun: [cleanddm] c:\windows\system32\config\systemprofile\appdata\local\cleanddm.exe
StartupFolder: c:\users\windows\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\pixela\everio mediabrowser 3\MBCameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\windows\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\windows\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vjage.com/download/vjocx-en.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F4E7CE73-F1C4-4BC7-8578-8B87B8F5D92A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F4E7CE73-F1C4-4BC7-8578-8B87B8F5D92A}\443374E4F53535944403 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F4E7CE73-F1C4-4BC7-8578-8B87B8F5D92A}\D4F6F6E6 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\users\windows\appdata\roaming\mozilla\firefox\profiles\8ck00ioq.default\extensions\toolbar@alot.com\components\AlotXpcom.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: ALOT Toolbar: toolbar@alot.com - %profile%\extensions\toolbar@alot.com
FF - Ext: XULRunner: {51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B} - c:\users\windows\appdata\local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}
.
---- FIREFOX POLICIES ----
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.accept-encoding -
.
============= SERVICES / DRIVERS ===============
.
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-6-4 25608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\tools\incd\NBHRegInCDSrv.exe [2009-10-16 53560]
R2 Radialpoint Security Services;Rogers Online Protection;c:\program files\rogers online protection\rogers online protection\RpsSecurityAwareR.exe [2010-6-7 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\rogers online protection\rogers online protection\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-6-4 5832712]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2010-1-19 139264]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2009-11-9 169936]
R2 ServicepointService;ServicepointService;c:\program files\rogers online protection\rogers servicepoint agent\ServicepointService.exe [2011-6-4 689464]
R2 VaultClientSRV;Rogers Backup Manager Service;c:\program files\rogers backup manager\VaultClientSRV.exe [2010-6-7 1053936]
R2 VaultClientUpgrade;Rogers Backup Manager Upgrade Service;c:\program files\rogers backup manager\VaultClientUpgrade.exe [2010-6-7 120048]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2010-12-1 1141888]
R3 arusb_win7;Service For TP-LINK Wireless N Adapter;c:\windows\system32\drivers\arusb_win7.sys [2011-4-17 612352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-24 22712]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\rogers online protection\rogers online protection\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-6-4 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\rogers online protection\rogers online protection\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-6-4 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\rogers online protection\rogers online protection\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-6-4 21208]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-4-17 197224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-24 366640]
S3 arusb_lh;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\drivers\arusb_lh.sys [2010-4-16 437760]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-7-7 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-5-27 13224]
.
=============== Created Last 30 ================
.
2011-06-22 04:31:08 -------- d-----w- c:\programdata\InterVideo
2011-06-22 04:29:34 20480 ----a-w- c:\windows\system32\IVIresize.dll
2011-06-22 04:29:33 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2011-06-22 04:29:33 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2011-06-22 04:29:32 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2011-06-22 04:29:32 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2011-06-22 04:29:32 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2011-06-22 04:29:32 -------- d-----w- c:\program files\InterVideo
2011-06-22 04:28:11 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-06-22 04:27:20 -------- d-----w- c:\users\windows\appdata\local\{A0F51E6F-B59C-4A69-9969-C3FB15C3C070}
2011-06-20 23:56:52 -------- d-----w- c:\users\windows\appdata\local\{C039B4BB-AD80-40BA-AB30-56055E23B7E8}
2011-06-18 22:37:41 -------- d-----w- c:\users\windows\appdata\local\{AEB7ADA5-A2F8-4A1D-A921-2B84F9B3C96F}
2011-06-15 03:40:53 -------- d-----w- c:\program files\iPod
2011-06-15 03:40:52 -------- d-----w- c:\program files\iTunes
2011-06-05 00:44:16 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-06-05 00:44:03 -------- d-----w- c:\program files\Rogers Backup Manager
2011-06-05 00:43:40 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-06-05 00:43:30 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-06-05 00:43:22 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-06-05 00:43:07 -------- d-----w- c:\program files\Raxco
2011-06-05 00:38:23 -------- d-----w- c:\users\windows\appdata\roaming\Rogers Online Protection
2011-06-05 00:38:23 -------- d-----w- c:\programdata\Radialpoint
2011-06-05 00:38:21 -------- d-----w- c:\programdata\Rogers Online Protection
2011-06-05 00:38:21 -------- d-----w- c:\program files\Rogers Online Protection
2011-06-05 00:16:07 2205064 ----a-w- c:\programdata\shs_setup_4059-354328.exe
2011-06-05 00:04:14 -------- d-----w- c:\program files\Rogers
2011-06-03 16:32:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-06-03 16:31:16 -------- d-----w- c:\program files\SweetIM
2011-06-03 16:31:15 -------- d-----w- c:\programdata\SweetIM
2011-06-03 16:30:54 -------- d-----w- c:\program files\WhiteSmoke
2011-06-01 03:57:48 -------- d-----w- c:\program files\Your Uninstaller! 7
2011-06-01 03:56:36 6302920 ----a-w- c:\program files\yu2011setupcnet7.3.2011.2.exe
2011-05-29 03:30:21 -------- d-----w- c:\users\windows\appdata\local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}
2011-05-29 01:10:46 -------- d-----w- c:\users\windows\appdata\local\{F2E5B13F-CA9B-4303-A51C-C935AE6599C3}
2011-05-29 01:10:12 -------- d-----w- c:\users\windows\appdata\local\{096DE62B-F8A1-4BD3-9B44-269D1FF8638C}
2011-05-27 20:53:18 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-27 20:53:18 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-27 20:53:18 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-05-24 04:03:50 -------- d-----w- c:\users\windows\appdata\local\{E4238E35-6905-4FE1-9491-8C8A3876B2BD}
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 00:18:31 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-27 08:46:58 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2011-04-27 08:46:55 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-04-27 08:46:50 74752 ----a-w- c:\windows\system32\CLEyeDevices.dll
2011-04-27 08:39:26 1029000 ----a-w- c:\users\windows\SkypeSetup.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 19:33:48 3464104 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-04-06 14:15:36 952320 ----a-w- c:\windows\system32\RCoRes.dat
2011-03-31 20:49:14 4105832 ----a-w- c:\windows\system32\RtkAPO.dll
2011-03-31 20:49:14 2160744 ----a-w- c:\windows\system32\RtkPgExt.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_ rev.GM3O -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x864076F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8640da10]; MOV EAX, [0x8640da8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8304B458] -> \Device\Harddisk0\DR0[0x863E6AC8]
3 CLASSPNP[0x839C259E] -> ntkrnlpa!IofCallDriver[0x8304B458] -> [0x854F1600]
5 ACPI[0x838993B2] -> ntkrnlpa!IofCallDriver[0x8304B458] -> \00000073[0x85E2C030]
\Driver\nvstor32[0x863E78B0] -> IRP_MJ_CREATE -> 0x864076F0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000073 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDP725032GLA#4&28799283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:01:03.50 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2002 7:51:53 PM
System Uptime: 6/22/2011 11:40:00 PM (1 hours ago)
.
Motherboard: ACER | | MCP73VE
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | SOCKET775 M/B | 2003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 75.495 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 56.691 GiB free.
E: is CDROM ()
J: is FIXED (NTFS) - 0 GiB total, 0.037 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F03\4&8CB234F&0
Manufacturer: Logitech
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F03\4&8CB234F&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP449: 6/11/2011 1:18:53 AM - Installed MSXML 6.0 Parser
RP451: 6/19/2011 12:44:20 AM - Before uninstall Sony Ericsson PC Companion 2.01.192
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
Acrobat.com
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Advertising Center
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bonjour
CL-Eye Driver
CloneDVD2
D3DX10
DiskAid 4.53
DivX Setup
DolbyFiles
Driver Genius Professional Edition
Drivers Install For Linksys Easylink Advisor
DVD Shrink 3.2
erLT
Everio MediaBrowser 3
Free Studio version 5.0.8
Free Video to DVD Converter version 1.6
Free YouTube Download version 2.10.29
Free YouTube Uploader version 3.3.16.602
GIMP 2.6.11
ImagXpress
ImgBurn
InterVideo WinDVR
iTunes
K-Lite Mega Codec Pack 4.1.7
Linksys EasyLink Advisor 1.6 (0032)
Logitech SetPoint 6.20
magicJack
magicJack Outlook Add-In 1.0.3.521
Malwarebytes' Anti-Malware version 1.51.0.1200
Menu Templates - Starter Kit
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Movie Templates - Starter Kit
Mozilla Firefox (3.6.13)
MSVCRT
Nero 9
Nero BurningROM
Nero BurningROM 10 Help (CHM)
Nero BurnRights
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InCD
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Update
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Control Panel 267.60
NVIDIA Drivers
NVIDIA Graphics Driver 267.60
NVIDIA Install Application
PerfectDisk 10 Professional
Power RM to MP3 Converter 1.5
QuickTime
Real Alternative 1.9.0 Lite
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Rogers Online Protection
Rogers Self Help Software 4059
Rogers Servicepoint Agent 3.7.44
Rogers Update Manager
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
RSH Home Networking Wizard
Safari
Skype™ 5.3
Sony Ericsson Update Service
SoundTrax
SPCA1528 PC Driver
SUPERAntiSpyware
SweetIM for Messenger 3.4
SweetIM Toolbar for Internet Explorer 4.1
The Rosetta Stone
The Sims Deluxe Edition
TL-WN821N Wireless Utility
TP-LINK Wireless Client Utility
TuneAid 3.76
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
VideoLAN VLC media player 0.8.6f
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
WinZip 15.0
Xilisoft DVD Ripper Platinum 5
Xilisoft Video Converter Ultimate 6
Xvid 1.2.1 final uninstall
Your Uninstaller! 2008 Version 6.0
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
6/22/2011 12:16:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/22/2011 12:14:04 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/22/2011 12:03:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
6/22/2011 11:41:00 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/22/2011 11:40:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
6/22/2011 11:40:47 PM, Error: Service Control Manager [7000] - The SPCA1528 Video Camera Service service failed to start due to the following error: The system cannot find the file specified.
6/22/2011 11:40:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x83325809, 0xa79ebbc0, 0xa79eb7a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062211-25989-01.
6/21/2011 9:01:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e4 (0x00000001, 0x8ab23ca8, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062111-29515-01.
6/21/2011 3:51:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/21/2011 3:49:21 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/21/2011 3:46:27 PM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
6/21/2011 12:03:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/21/2011 1:05:33 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/20/2011 4:11:09 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/18/2011 9:38:21 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: A thread could not be created for the service.
6/18/2011 6:22:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/18/2011 6:05:56 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: Not enough storage is available to process this command.
6/18/2011 4:23:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1054" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/18/2011 2:35:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/18/2011 11:00:53 PM, Error: Service Control Manager [7034] - The Rogers Online Protection service terminated unexpectedly. It has done this 1 time(s).
6/18/2011 10:57:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
6/18/2011 10:57:20 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2011 10:36:36 PM, Error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: Not enough storage is available to process this command.
6/17/2011 4:31:30 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
6/16/2011 9:57:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================


Report.txt

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x90A11000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10506240 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 267.60 )
0x8300F000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x8300F000 PnpManager 4259840 bytes
0x8300F000 RAW 4259840 bytes
0x8300F000 WMIxWDM 4259840 bytes
0x8FC34000 C:\Windows\system32\drivers\RTKVHDA.sys 3461120 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x94B10000 Win32k 2400256 bytes
0x94B10000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88E3D000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0xA5415000 C:\Windows\System32\Drivers\fd6d323a.sys 1241088 bytes
0x88A11000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8F227000 C:\Windows\system32\DRIVERS\3xHybrid.sys 1142784 bytes (NXP Semiconductors Germany GmbH, SAA713x TV Card Driver)
0x8F422000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1032192 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x94608000 C:\Windows\system32\DRIVERS\arusb_win7.sys 913408 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x91418000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88C14000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x83709000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA062B000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9CE09000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83636000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83811000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x83A17000 C:\Windows\system32\DRIVERS\nvrd32.sys 438272 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x8EE3B000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x88B7E000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E888000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9CF7E000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xA0764000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8EF6B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8393F000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83890000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x83AE9000 C:\Windows\system32\DRIVERS\storport.sys 290816 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x94799000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x83BB5000 C:\Windows\system32\drivers\bdfsfltr.sys 282624 bytes (BitDefender S.R.L. Bucharest, ROMANIA, BitDefender AntiVirus FS filter driver)
0x8F51E000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x836C7000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E98C000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88FC0000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88CCB000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9CF0E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x914CF000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8341F000 ACPI_HAL 225280 bytes
0x8F57B000 C:\Windows\System32\Drivers\dump_nvstor32.sys 225280 bytes
0x8341F000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x83B30000 C:\Windows\system32\DRIVERS\nvstor32.sys 225280 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x83B70000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F33E000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x88D47000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E856000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8FC00000 C:\Windows\System32\Drivers\RtsUStor.sys 204800 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7)
0x88F86000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FF81000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88E08000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8F375000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x88B40000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x838F4000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9CE98000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys 163840 bytes (AVG Technologies , IDS Application Activity Monitor Driver.)
0x839BE000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88D09000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x83AC4000 C:\Windows\system32\DRIVERS\nvstor.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x83AA1000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9CEEB000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91553000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8E964000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA06CC000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8EEC5000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x83600000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x837B4000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8EFC5000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x837D3000 C:\Windows\system32\DRIVERS\InCDFs.sys 126976 bytes (Nero AG, InCD File System Driver)
0x8399F000 C:\Windows\system32\DRIVERS\nvraid.sys 126976 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x8E8E9000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x94DA0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x94738000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9CF49000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E927000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x94753000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9CEC0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8FFB0000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8EE9F000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EF02000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x91530000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91575000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F3A1000 C:\Windows\System32\Drivers\AnyDVD.sys 94208 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0x9158D000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x915A4000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E834000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x946FB000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8FFC9000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x83A82000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x9476D000 C:\Windows\System32\Drivers\DefragFS.SYS 86016 bytes (Raxco Software, Inc., Defragmentation Support Driver)
0xA07C1000 C:\Windows\System32\Drivers\e17a3a22.sys 86016 bytes
0x8FFEA000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x88B6B000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8F5C3000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E941000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9151E000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8EEE6000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8EF39000 C:\Windows\system32\DRIVERS\LMouKE.Sys 73728 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0x9CED9000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x88D79000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F5B2000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83BA4000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x915EF000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8391E000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x836AE000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E908000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x94789000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88D37000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x947DF000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E954000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8392F000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EFB6000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8EEB7000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8EF2B000 C:\Windows\system32\DRIVERS\L8042mou.Sys 57344 bytes (Logitech, Inc., Logitech PS/2 Mouse Filter Driver.)
0x8E919000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x839E3000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83991000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88BDB000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x915D1000 C:\Windows\system32\DRIVERS\rp_pkt32.sys 57344 bytes (Radialpoint, Inc., Radialpoint Filter)
0x915E1000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83882000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x91511000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8F56E000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EF1E000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8EF4B000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA0757000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x88BF2000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8E9E6000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8F562000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x915BB000 C:\Windows\system32\DRIVERS\rp_skt32.sys 49152 bytes (Radialpoint Inc., Radialpoint Filter)
0x88C00000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FFDF000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9472D000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x9471A000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x83A00000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91548000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E84B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x838E9000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9CE8E000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys 40960 bytes (AVG Technologies , IDS Application Activity Monitor Filter Driver.)
0x90A07000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x946F1000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E9D7000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E9CD000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x915C7000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA06C2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8EEF8000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA07B7000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys 40960 bytes (BitDefender S.R.L., Trufos Kernel Module)
0x8EF61000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x946E7000 C:\Windows\System32\drivers\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x83B67000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x83A98000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x88D2E000 C:\Windows\system32\drivers\AVGIDSEH.sys 36864 bytes (AVG Technologies , IDS Application Activity Monitor Helper Driver.)
0xA554F000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x88BE9000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8EF58000 C:\Windows\system32\DRIVERS\nvsmu.sys 36864 bytes (NVIDIA Corporation, NVIDIA nForce™ SMU Microcontroller Driver)
0x94D70000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88FB7000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x947EF000 C:\Windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x91508000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x838D8000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x836BF000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88E35000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x94712000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x94725000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x838E1000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x88C0C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88A00000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x88A08000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x88E00000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x88DF4000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x94782000 C:\Windows\system32\DRIVERS\elagopro.sys 28672 bytes (Gteko Ltd., Gteko's GoProto protocol driver)
0x90A00000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xA5548000 C:\Users\Windows\AppData\Local\Temp\mbr.sys 28672 bytes
0x88DED000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8398A000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8E8E2000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8E986000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8E9E1000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x947F8000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys 16384 bytes (AVG Technologies , IDS Application Activity Monitor Loader Driver.)
0x88DE9000 C:\Windows\system32\DRIVERS\InCDRec.sys 16384 bytes (Nero AG, Nero InCD File System Recognizer)
0x8EF1A000 C:\Windows\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.)
0xA5544000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xA07B3000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys 16384 bytes (BitDefender S.R.L., Profos Kernel Module)
0x8F372000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x86842000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x9CF7C000 C:\Windows\system32\DRIVERS\elaunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x91416000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 267.60 )
0x915DF000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8FC32000 C:\Windows\System32\Drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#4 gringo_pr

Posted 22 June 2011 - 11:51 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#5 ZainulAbideen

Posted 23 June 2011 - 01:34 AM

Log From Combofix

ComboFix 11-06-22.02 - Windows 06/23/2011 1:59.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.624 [GMT -4:00]
Running from: c:\users\Windows\Desktop\ComboFix.exe
AV: Rogers Online Protection Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: Rogers Online Protection Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: Rogers Online Protection Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\shs_setup_4059-354328.exe
c:\users\Windows\AppData\Local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}
c:\users\Windows\AppData\Local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}\chrome.manifest
c:\users\Windows\AppData\Local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}\chrome\content\_cfg.js
c:\users\Windows\AppData\Local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}\chrome\content\overlay.xul
c:\users\Windows\AppData\Local\{51DC6137-F220-43AD-AFA0-9BC1DCE7BA6B}\install.rdf
c:\users\Windows\AppData\Roaming\EurekaLog
c:\users\Windows\AppData\Roaming\Sun\ddee.dat
c:\users\Windows\AppData\Roaming\Sun\mnj.dat
c:\users\Windows\AppData\Roaming\Sun\mxd1.txt
c:\users\Windows\AppData\Roaming\Sun\ppkk.dat
c:\users\Windows\AppData\Roaming\Sun\uuoo.dat
c:\users\Windows\SkypeSetup.exe
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\32.ICO
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\Nagasoft\vjocx.exe
c:\windows\system32\uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 06:15 . 2011-06-23 06:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 04:31 . 2011-06-22 04:31 -------- d-----w- c:\programdata\InterVideo
2011-06-22 04:29 . 2001-12-10 22:42 20480 ----a-w- c:\windows\system32\IVIresize.dll
2011-06-22 04:29 . 2001-12-10 22:42 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2011-06-22 04:29 . 2001-12-10 22:42 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2011-06-22 04:29 . 2011-06-22 04:29 -------- d-----w- c:\program files\InterVideo
2011-06-22 04:29 . 2001-12-10 22:42 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2011-06-22 04:29 . 2001-12-10 22:42 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2011-06-22 04:29 . 2001-12-10 22:42 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2011-06-22 04:28 . 1999-09-20 09:38 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-06-22 04:27 . 2011-06-22 04:27 -------- d-----w- c:\users\Windows\AppData\Local\{A0F51E6F-B59C-4A69-9969-C3FB15C3C070}
2011-06-20 23:56 . 2011-06-20 23:57 -------- d-----w- c:\users\Windows\AppData\Local\{C039B4BB-AD80-40BA-AB30-56055E23B7E8}
2011-06-18 22:37 . 2011-06-18 22:37 -------- d-----w- c:\users\Windows\AppData\Local\{AEB7ADA5-A2F8-4A1D-A921-2B84F9B3C96F}
2011-06-15 03:40 . 2011-06-15 03:40 -------- d-----w- c:\program files\iPod
2011-06-15 03:40 . 2011-06-15 03:41 -------- d-----w- c:\program files\iTunes
2011-06-05 00:44 . 2009-11-02 20:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-06-05 00:44 . 2011-06-05 00:46 -------- d-----w- c:\program files\Rogers Backup Manager
2011-06-05 00:43 . 2009-10-23 18:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-06-05 00:43 . 2011-06-05 00:43 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-06-05 00:43 . 2011-06-05 00:43 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-06-05 00:43 . 2011-06-05 00:43 -------- d-----w- c:\programdata\Raxco
2011-06-05 00:43 . 2011-06-05 00:43 -------- d-----w- c:\program files\Raxco
2011-06-05 00:38 . 2011-06-05 00:46 -------- d-----w- c:\users\Windows\AppData\Roaming\Rogers Online Protection
2011-06-05 00:38 . 2011-06-05 00:38 -------- d-----w- c:\programdata\Radialpoint
2011-06-05 00:38 . 2011-06-05 00:42 -------- d-----w- c:\program files\Rogers Online Protection
2011-06-05 00:38 . 2011-06-05 00:42 -------- d-----w- c:\programdata\Rogers Online Protection
2011-06-05 00:04 . 2011-06-11 05:18 -------- d-----w- c:\program files\Rogers
2011-06-03 16:32 . 2011-06-03 16:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-06-03 16:31 . 2011-06-03 16:31 -------- d-----w- c:\program files\SweetIM
2011-06-03 16:31 . 2011-06-03 16:31 -------- d-----w- c:\programdata\SweetIM
2011-06-03 16:30 . 2011-06-03 16:31 -------- d-----w- c:\program files\WhiteSmoke
2011-06-01 03:57 . 2011-06-01 03:57 -------- d-----w- c:\program files\Your Uninstaller! 7
2011-06-01 03:56 . 2011-06-01 03:56 6302920 ----a-w- c:\program files\yu2011setupcnet7.3.2011.2.exe
2011-05-31 23:41 . 2011-05-31 23:41 -------- d-----w- c:\windows\Sun
2011-05-29 01:10 . 2011-05-29 01:10 -------- d-----w- c:\users\Windows\AppData\Local\{F2E5B13F-CA9B-4303-A51C-C935AE6599C3}
2011-05-29 01:10 . 2011-05-29 01:10 -------- d-----w- c:\users\Windows\AppData\Local\{096DE62B-F8A1-4BD3-9B44-269D1FF8638C}
2011-05-27 20:53 . 2011-05-27 20:53 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-27 20:53 . 2011-05-27 20:53 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-27 20:53 . 2011-05-27 20:53 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2010-04-24 20:43 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-04-24 20:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2011-05-10 12:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 00:18 . 2011-04-18 00:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-27 08:46 . 2011-04-27 08:46 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2011-04-27 08:46 . 2011-04-27 08:46 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-04-27 08:46 . 2011-04-27 08:46 74752 ----a-w- c:\windows\system32\CLEyeDevices.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 19:33 . 2011-04-18 00:13 3464104 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-04-06 14:15 . 2011-04-18 00:13 952320 ----a-w- c:\windows\system32\RCoRes.dat
2011-03-31 20:49 . 2011-04-18 00:13 4105832 ----a-w- c:\windows\system32\RtkAPO.dll
2011-03-31 20:49 . 2011-04-18 00:13 2160744 ----a-w- c:\windows\system32\RtkPgExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 19:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 14:44 97072 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2010-06-07 17:46 344064 ----a-w- c:\program files\Rogers Backup Manager\VaultClientMenu.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"cdloader"="c:\users\Windows\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-06-30 163872]
"NBHGui"="c:\program files\Nero\Tools\InCD\NBHGui.exe" [2009-10-16 1600816]
"InCD"="c:\program files\Nero\Tools\InCD\InCD.exe" [2009-10-16 1060136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-09 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-28 10029672]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
"Rogers SHS"="c:\program files\rogers\selfhealing\shs.exe" [2010-01-21 2732032]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2011-01-04 4318520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]
.
c:\users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Monitor 3.lnk - c:\program files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe [2011-5-1 542064]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-6-22 131072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 arusb_lh;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-07-24 437760]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-05-27 13224]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-09 697328]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Tools\InCD\NBHRegInCDSrv.exe [2009-10-16 53560]
S2 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2010-06-07 166944]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2010-01-19 139264]
S2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [2009-11-09 169936]
S2 ServicepointService;ServicepointService;c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe [2011-01-04 689464]
S2 VaultClientSRV;Rogers Backup Manager Service;c:\program files\Rogers Backup Manager\VaultClientSRV.exe [2010-06-07 1053936]
S2 VaultClientUpgrade;Rogers Backup Manager Upgrade Service;c:\program files\Rogers Backup Manager\VaultClientUpgrade.exe [2010-06-07 120048]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2010-12-02 1141888]
S3 arusb_win7;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7.sys [2010-06-01 612352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 21208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 197224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 0B86D1F8
*Deregistered* - 0b86d1f8
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-23 c:\windows\Tasks\NeroLiveEpgUpdate-Windows-PC_Windows.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Windows\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Windows\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\8ck00ioq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: ALOT Toolbar: toolbar@alot.com - %profile%\extensions\toolbar@alot.com
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.accept-encoding -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-TaskTray - (no file)
AddRemove-Christmas 3D Screensaver_is1 - c:\program files\Christmas 3D Screensaver\unins000.exe
AddRemove-Clock Tower 3D Screensaver_is1 - c:\program files\Clock Tower 3D Screensaver\unins000.exe
AddRemove-Earth 3D Screensaver_is1 - c:\program files\Earth 3D Screensaver\unins000.exe
AddRemove-Fireplace 3D Screensaver_is1 - c:\program files\Fireplace 3D Screensaver\unins000.exe
AddRemove-Halloween 3D Screensaver_is1 - c:\program files\Halloween 3D Screensaver\unins000.exe
AddRemove-Lantern 3D Screensaver_is1 - c:\program files\Lantern 3D Screensaver\unins000.exe
AddRemove-Nature 3D Screensaver_is1 - c:\program files\Nature 3D Screensaver\unins000.exe
AddRemove-Voyage of Columbus 3D Screensaver_is1 - c:\program files\Voyage of Columbus 3D Screensaver\unins000.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_ rev.GM3O -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x864076F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8640da10]; MOV EAX, [0x8640da8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x83092458] -> \Device\Harddisk0\DR0[0x863E8628]
3 CLASSPNP[0x839B559E] -> ntkrnlpa!IofCallDriver[0x83092458] -> [0x85E0AF08]
5 ACPI[0x8388C3B2] -> ntkrnlpa!IofCallDriver[0x83092458] -> \00000075[0x85DDDB48]
\Driver\nvstor32[0x863B2C38] -> IRP_MJ_CREATE -> 0x864076F0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000075 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDP725032GLA#4&28799283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1376)
c:\program files\Nero\Tools\InCD\NBHshx.dll
c:\program files\Rogers Backup Manager\VaultClientMenu.dll
c:\program files\Rogers Backup Manager\LIBEXPAT.dll
c:\program files\Rogers Backup Manager\VaultClientCOM.dll
c:\windows\System32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Nero\Tools\InCD\InCDSrv.exe
c:\program files\Rogers Online Protection\Rogers Online Protection\Fws.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-06-23 02:33:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-23 06:33
.
Pre-Run: 82,869,514,240 bytes free
Post-Run: 82,656,325,632 bytes free
.
- - End Of File - - 5EBD90B3C82C2AE1895D18A5B6B8AAB1

#6 ZainulAbideen

Posted 23 June 2011 - 01:41 AM

...and the computer still has the same problem.

#7 gringo_pr

Posted 23 June 2011 - 01:42 AM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 ZainulAbideen

Posted 23 June 2011 - 10:00 PM

TDSS ROOTKIT REMOVING LOG


2011/06/23 22:55:29.0141 3268 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 22:55:29.0500 3268 ================================================================================
2011/06/23 22:55:29.0500 3268 SystemInfo:
2011/06/23 22:55:29.0500 3268
2011/06/23 22:55:29.0500 3268 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/23 22:55:29.0500 3268 Product type: Workstation
2011/06/23 22:55:29.0500 3268 ComputerName: WINDOWS-PC
2011/06/23 22:55:29.0500 3268 UserName: Windows
2011/06/23 22:55:29.0500 3268 Windows directory: C:\Windows
2011/06/23 22:55:29.0500 3268 System windows directory: C:\Windows
2011/06/23 22:55:29.0500 3268 Processor architecture: Intel x86
2011/06/23 22:55:29.0500 3268 Number of processors: 2
2011/06/23 22:55:29.0500 3268 Page size: 0x1000
2011/06/23 22:55:29.0500 3268 Boot type: Normal boot
2011/06/23 22:55:29.0500 3268 ================================================================================
2011/06/23 22:55:31.0309 3268 Initialize success
2011/06/23 22:55:49.0889 2236 ================================================================================
2011/06/23 22:55:49.0889 2236 Scan started
2011/06/23 22:55:49.0889 2236 Mode: Manual;
2011/06/23 22:55:49.0889 2236 ================================================================================
2011/06/23 22:56:16.0331 2236 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/06/23 22:56:16.0346 2236 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/23 22:56:16.0346 2236 ================================================================================
2011/06/23 22:56:16.0346 2236 Scan finished
2011/06/23 22:56:16.0346 2236 ================================================================================
2011/06/23 22:56:16.0378 5908 Detected object count: 1
2011/06/23 22:56:16.0378 5908 Actual detected object count: 1
2011/06/23 22:56:49.0106 5908 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/23 22:56:49.0122 5908 \Device\Harddisk0\DR0 - ok
2011/06/23 22:56:49.0122 5908 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/23 22:56:59.0293 4496 Deinitialize success

#9 gringo_pr

Posted 23 June 2011 - 10:15 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Folder::
c:\program files\WhiteSmoke


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"Information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#10 ZainulAbideen

Posted 24 June 2011 - 11:25 PM

Report2 from Combofix

ComboFix 11-06-22.02 - Windows 06/25/2011 0:03.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.673 [GMT -4:00]
Running from: c:\users\Windows\Desktop\ComboFix.exe
Command switches used :: c:\users\Windows\Desktop\CFScript.txt
AV: Rogers Online Protection Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: Rogers Online Protection Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: Rogers Online Protection Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WhiteSmoke
c:\program files\WhiteSmoke\html\english\gui\js\builder.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\common.js
c:\program files\WhiteSmoke\html\english\gui\js\Contextmenu.js
c:\program files\WhiteSmoke\html\english\gui\js\controls.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\dictionaryContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\dragdrop.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\effects.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\enrichmentContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\enrichmentsContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\final.js
c:\program files\WhiteSmoke\html\english\gui\js\gmonitor.js
c:\program files\WhiteSmoke\html\english\gui\js\grammarCache.class.js
c:\program files\WhiteSmoke\html\english\gui\js\grammarContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\gui\js\iframeTest.js
c:\program files\WhiteSmoke\html\english\gui\js\jqModal.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery-1.2.6.pack.NotUSED.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery-1.3.2.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery-1.3.2.min.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery.ba-throttle-debounce.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery.jeegoocontext.min.js
c:\program files\WhiteSmoke\html\english\gui\js\monitor.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\builder.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\controls.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\dragdrop.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\effects.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\prototype.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\slider.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\sound.js
c:\program files\WhiteSmoke\html\english\gui\js\prototype.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\scriptaculous.js
c:\program files\WhiteSmoke\html\english\gui\js\slider.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\sound.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\spellingContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\summary.js
c:\program files\WhiteSmoke\html\english\gui\js\supersleight.js
c:\program files\WhiteSmoke\html\english\gui\js\switchcontent.js
c:\program files\WhiteSmoke\html\english\gui\js\tooltip.js
c:\program files\WhiteSmoke\html\english\gui\js\unittest.js
c:\program files\WhiteSmoke\html\english\gui\js\ws_content_manager.js
c:\program files\WhiteSmoke\html\english\gui\js\ws_functions.js
c:\program files\WhiteSmoke\html\english\gui\js\ws_links.js
c:\program files\WhiteSmoke\html\english\gui\js\x.gif
c:\program files\WhiteSmoke\html\english\gui\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\gui\js\ypSlideOutMenus.js
c:\program files\WhiteSmoke\html\english\gui\js\ypSlideOutMenusContext.js
c:\program files\WhiteSmoke\html\english\gui\style\combobox.css
c:\program files\WhiteSmoke\html\english\gui\style\Contextmenu.css
c:\program files\WhiteSmoke\html\english\gui\style\dictionary.css
c:\program files\WhiteSmoke\html\english\gui\style\enrichment.css
c:\program files\WhiteSmoke\html\english\gui\style\enrichments.css
c:\program files\WhiteSmoke\html\english\gui\style\grammar.css
c:\program files\WhiteSmoke\html\english\gui\style\iframeTest.css
c:\program files\WhiteSmoke\html\english\gui\style\indexnew.css
c:\program files\WhiteSmoke\html\english\gui\style\jeegoo.css
c:\program files\WhiteSmoke\html\english\gui\style\jqModal.css
c:\program files\WhiteSmoke\html\english\gui\style\screens.css
c:\program files\WhiteSmoke\html\english\gui\style\spelling.css
c:\program files\WhiteSmoke\html\english\registration\img\banner.gif
c:\program files\WhiteSmoke\html\english\registration\img\banner.png
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\caption_bar_close_up_over.gif
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_click.gif
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_over.gif
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_up.gif
c:\program files\WhiteSmoke\html\english\registration\img\down.gif
c:\program files\WhiteSmoke\html\english\registration\img\down.png
c:\program files\WhiteSmoke\html\english\registration\img\f2.gif
c:\program files\WhiteSmoke\html\english\registration\index.html
c:\program files\WhiteSmoke\html\english\registration\js\regInterface.js
c:\program files\WhiteSmoke\html\english\registration\style\registration.css
c:\program files\WhiteSmoke\html\english\settings\css\index.css
c:\program files\WhiteSmoke\html\english\settings\img\Background\logo.png
c:\program files\WhiteSmoke\html\english\settings\img\Background\main_bg.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\cancel_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\cancel_down.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\cancel_over.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\cancel_up.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\save_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\save_down.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\save_over.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\save_up.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_connection_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_connection_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_connection_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_content_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_content_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_content_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_general_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_general_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_general_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_info_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_info_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_info_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_shortcut_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_shortcut_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_shortcut_on.png
c:\program files\WhiteSmoke\html\english\settings\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\settings\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\settings\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\settings\index.html
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\settings\js\settingsInterface.js
c:\program files\WhiteSmoke\html\english\templates\dtree.css
c:\program files\WhiteSmoke\html\english\templates\dtree.js
c:\program files\WhiteSmoke\html\english\templates\General\Apologies\ApologyInnappropriateBehavior.html
c:\program files\WhiteSmoke\html\english\templates\General\Apologies\ApologyUnjustBehavior.html
c:\program files\WhiteSmoke\html\english\templates\General\Community Work\ResignationFromVoluntaryPosition.html
c:\program files\WhiteSmoke\html\english\templates\General\Condolences\LetterOfCondolence.html
c:\program files\WhiteSmoke\html\english\templates\General\Cover Letters\CoverLetter.html
c:\program files\WhiteSmoke\html\english\templates\General\Cover Letters\GrantCoverSheet.html
c:\program files\WhiteSmoke\html\english\templates\General\Family\FamilyNewsUpdate.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\AgreementToCompromiseDebt.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\BankError.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\DebtValidation.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\InvestigationOfBillingInquiry.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\LetterOfCreditGeneral.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\LetterOfCreditIrrevocable.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\LetterOfCreditRevolving.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\LetterOfDispute.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\RemovalOfInadequateInformation.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\ReplyToApplicationForCredit.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\RequestForIncreaseOfCreditLimit.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\ReturningUnsignedCheck.html
c:\program files\WhiteSmoke\html\english\templates\General\Finance\UnauthorizedCreditInquiry.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\AChristmasWish.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\ArrivalOfChristmas.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\BlessingsAtChristmas.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\ChristmasGreetings.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\ChristmasGreetingsMessage.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\ChristmasGreetingsToASpouse.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\ChristmasGreetingsToWorkers.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\ChristmasWishes.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\HappyChristmasGreeting.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\InTheStillOfTheNightChristmasGreeting.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\JoyousOccasion.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\LovePeaceAndJoy.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\MerryChristmasAndHappyNewYear.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Christmas\MerryChristmasToFamily.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Graduation\CongratulationsOnYourGraduation.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Graduation\CongratulationsToTheGraduate.html
c:\program files\WhiteSmoke\html\english\templates\General\Greetings\Graduation\YouHaveGraduated.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Manual\EmployeePerformanceReviewAndPlanningSessions.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Manual\EmploymentApplications.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Manual\HealthRelatedIssues.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Manual\NewEmployeeOrientation.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Manual\TerminationOfEmployment.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Manual\TuitionReimbursementPolicy.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Reference Letters\EmploymentReferenceLetter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Reference Letters\JobReferenceLetter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Reference Letters\LetterOfReference.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Reference Letters\ReferenceLetterByAcquaintance.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Reference Letters\RequestForEmployeeReferenceLetter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employee Reference Letters\VerificationOfEmploymentLetter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests\Letter Requesting Pay Raise.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests\Refusal of Resquest For Raise.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests\Request for Leave of Absence.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests\Request for Letter of Reference.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests\Request for Meeting Regarding Pay Raise.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests\Request for Paid or Unpaid Leave.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests\Request For Salary Increase.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests\Request to Schedule an Interview.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Dismissal and Rejection\Acknowledgment of Job Application.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Dismissal and Rejection\Confirmation of Job Dismissal.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Dismissal and Rejection\Final Warning Before Dismissal.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Dismissal and Rejection\Job Rejection Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Dismissal and Rejection\Job Rejection Letter2.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Dismissal and Rejection\Rejection of Job Offer.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters\Employment Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters\Introduction of New Employee.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters\Letter for Assistant Professor.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters\LetterForTenureTrackAssociateProfessor.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters\Offer of Employment.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters\Request for Employment Test.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance\Accept or Decline Job Offer.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance\Job Acceptance Letter 2.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance\Job Acceptance Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance\Job Offer Acceptance.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Thank You Letters\Thank You Letter After Interview.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Thank You Letters\Thank You to Applicant for Testing.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Resignation Letters\Acceptance of Employee's Resignation.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Resignation Letters\Employee Termination Notice.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Resignation Letters\Job Resignation Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Personnel Office\Notice of Decision to Reprimand.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Cover Letter Auditor Development Program.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Job Application Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Job Search Cover Letter - Disabled Citizens.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Job Search Cover Letter - Software Employment.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Law Internship Cover Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Resume Cover Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Resume Cover Letter2.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Letters of Recommendation\Letter of Recommendation.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Accounting Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Administrative Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Banking Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Customer Service Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Database and Application Developer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\End User Trainer and Instructional Designer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Engineering Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Freelance Marcom Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\General CV Format.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Graphic Designer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Healthcare Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Internship Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Java Developer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Management Resume 2.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Management Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Marketing Administrator Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Marketing Director Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Marketing Manager Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Medical Essay Residency Experience.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Medical Resume - Physician.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Medical Resume Partnership in General Practice.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\PowerPoint Designer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Product Delivery Engineer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Sales Representative Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Software QA Engineer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Technical Publication Manager Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Technical Writer.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Web Developer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Web Maintainer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Advertising\Advertising Commitment Form.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Advertising\Art Advertising Flyer.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Advertising\Request for Advertising Rate.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Advertising\Subscriber Letter News Service.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Legal\Assignment of Literary Property.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Comments to Author Regarding Book.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Introduction of Novel.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Letter of Interest to Magazine.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Letter of Recommendation.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Magazine Review.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Promotional Letter Antique Shop.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Resumes\Actor Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Personal Matters\Career Change.html
c:\program files\WhiteSmoke\html\english\templates\General\Personal Matters\Letter to a Friend Regarding Change of Job.html
c:\program files\WhiteSmoke\html\english\templates\General\Personal Matters\Sale of Automobile or Other Motor Vehicle.html
c:\program files\WhiteSmoke\html\english\templates\General\Personal Matters\Upset Regarding Loss of Job.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Admissions Essays\Admissions Essay for Entrance to Theater Institute.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Admissions Essays\Essay - Describe Events.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Admissions Essays\Graduate School Literary Essay.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Careers\Career Letter for Accounting Position.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Careers\Career Letter in Journalism.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence\Compliment Student on Graduation.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence\Congratulations to High School Graduate.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence\Personal Letter of Recommendation.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence\Request for Financial Assistance from Parents.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Resume for After-School Job.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Student Resume Automotive Service Industry.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Student Resume Forestry.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Student Resume Wildlife.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Student Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\University Correspondence\Appreciation of Scholarship.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\University Correspondence\Request for Reference.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\University Correspondence\Request for University Application Material.html
c:\program files\WhiteSmoke\html\english\templates\General\Thank You\Letter Thanking Coworker for Support.html
c:\program files\WhiteSmoke\html\english\templates\General\Thank You\Message of Thanks.html
c:\program files\WhiteSmoke\html\english\templates\General\Thank You\Thank You Staff for Emotional Support.html
c:\program files\WhiteSmoke\html\english\templates\General\Well Wishes\Letter of Congratulations.html
c:\program files\WhiteSmoke\html\english\templates\General\Well Wishes\Welcome New Tenants.html
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 04:20 . 2011-06-25 04:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 04:31 . 2011-06-22 04:31 -------- d-----w- c:\programdata\InterVideo
2011-06-22 04:29 . 2001-12-10 22:42 20480 ----a-w- c:\windows\system32\IVIresize.dll
2011-06-22 04:29 . 2001-12-10 22:42 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2011-06-22 04:29 . 2001-12-10 22:42 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2011-06-22 04:29 . 2011-06-22 04:29 -------- d-----w- c:\program files\InterVideo
2011-06-22 04:29 . 2001-12-10 22:42 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2011-06-22 04:29 . 2001-12-10 22:42 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2011-06-22 04:29 . 2001-12-10 22:42 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2011-06-22 04:28 . 1999-09-20 09:38 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-06-22 04:27 . 2011-06-22 04:27 -------- d-----w- c:\users\Windows\AppData\Local\{A0F51E6F-B59C-4A69-9969-C3FB15C3C070}
2011-06-20 23:56 . 2011-06-20 23:57 -------- d-----w- c:\users\Windows\AppData\Local\{C039B4BB-AD80-40BA-AB30-56055E23B7E8}
2011-06-18 22:37 . 2011-06-18 22:37 -------- d-----w- c:\users\Windows\AppData\Local\{AEB7ADA5-A2F8-4A1D-A921-2B84F9B3C96F}
2011-06-15 03:40 . 2011-06-15 03:40 -------- d-----w- c:\program files\iPod
2011-06-15 03:40 . 2011-06-15 03:41 -------- d-----w- c:\program files\iTunes
2011-06-05 00:44 . 2009-11-02 20:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-06-05 00:44 . 2011-06-05 00:46 -------- d-----w- c:\program files\Rogers Backup Manager
2011-06-05 00:43 . 2009-10-23 18:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-06-05 00:43 . 2011-06-05 00:43 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-06-05 00:43 . 2011-06-05 00:43 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-06-05 00:43 . 2011-06-05 00:43 -------- d-----w- c:\programdata\Raxco
2011-06-05 00:43 . 2011-06-05 00:43 -------- d-----w- c:\program files\Raxco
2011-06-05 00:38 . 2011-06-05 00:46 -------- d-----w- c:\users\Windows\AppData\Roaming\Rogers Online Protection
2011-06-05 00:38 . 2011-06-05 00:38 -------- d-----w- c:\programdata\Radialpoint
2011-06-05 00:38 . 2011-06-05 00:42 -------- d-----w- c:\program files\Rogers Online Protection
2011-06-05 00:38 . 2011-06-05 00:42 -------- d-----w- c:\programdata\Rogers Online Protection
2011-06-05 00:04 . 2011-06-11 05:18 -------- d-----w- c:\program files\Rogers
2011-06-03 16:32 . 2011-06-03 16:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-06-03 16:31 . 2011-06-03 16:31 -------- d-----w- c:\program files\SweetIM
2011-06-03 16:31 . 2011-06-03 16:31 -------- d-----w- c:\programdata\SweetIM
2011-06-01 03:57 . 2011-06-01 03:57 -------- d-----w- c:\program files\Your Uninstaller! 7
2011-06-01 03:56 . 2011-06-01 03:56 6302920 ----a-w- c:\program files\yu2011setupcnet7.3.2011.2.exe
2011-05-31 23:41 . 2011-05-31 23:41 -------- d-----w- c:\windows\Sun
2011-05-29 01:10 . 2011-05-29 01:10 -------- d-----w- c:\users\Windows\AppData\Local\{F2E5B13F-CA9B-4303-A51C-C935AE6599C3}
2011-05-29 01:10 . 2011-05-29 01:10 -------- d-----w- c:\users\Windows\AppData\Local\{096DE62B-F8A1-4BD3-9B44-269D1FF8638C}
2011-05-27 20:53 . 2011-05-27 20:53 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-27 20:53 . 2011-05-27 20:53 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-27 20:53 . 2011-05-27 20:53 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2011-05-10 12:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 00:18 . 2011-04-18 00:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-27 08:46 . 2011-04-27 08:46 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2011-04-27 08:46 . 2011-04-27 08:46 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-04-27 08:46 . 2011-04-27 08:46 74752 ----a-w- c:\windows\system32\CLEyeDevices.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 19:33 . 2011-04-18 00:13 3464104 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-04-06 14:15 . 2011-04-18 00:13 952320 ----a-w- c:\windows\system32\RCoRes.dat
2011-03-31 20:49 . 2011-04-18 00:13 4105832 ----a-w- c:\windows\system32\RtkAPO.dll
2011-03-31 20:49 . 2011-04-18 00:13 2160744 ----a-w- c:\windows\system32\RtkPgExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 19:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 14:44 97072 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2010-06-07 17:46 344064 ----a-w- c:\program files\Rogers Backup Manager\VaultClientMenu.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"cdloader"="c:\users\Windows\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-06-30 163872]
"NBHGui"="c:\program files\Nero\Tools\InCD\NBHGui.exe" [2009-10-16 1600816]
"InCD"="c:\program files\Nero\Tools\InCD\InCD.exe" [2009-10-16 1060136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-09 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-28 10029672]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
"Rogers SHS"="c:\program files\rogers\selfhealing\shs.exe" [2010-01-21 2732032]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2011-01-04 4318520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]
.
c:\users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Monitor 3.lnk - c:\program files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe [2011-5-1 542064]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-6-22 131072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [x]
R3 arusb_lh;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-07-24 437760]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-05-27 13224]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-09 697328]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Tools\InCD\NBHRegInCDSrv.exe [2009-10-16 53560]
S2 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2010-06-07 166944]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2010-01-19 139264]
S2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [2009-11-09 169936]
S2 ServicepointService;ServicepointService;c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe [2011-01-04 689464]
S2 VaultClientSRV;Rogers Backup Manager Service;c:\program files\Rogers Backup Manager\VaultClientSRV.exe [2010-06-07 1053936]
S2 VaultClientUpgrade;Rogers Backup Manager Upgrade Service;c:\program files\Rogers Backup Manager\VaultClientUpgrade.exe [2010-06-07 120048]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2010-12-02 1141888]
S3 arusb_win7;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7.sys [2010-06-01 612352]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 21208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 197224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 3A2DFDFA
*NewlyCreated* - A350986B
*Deregistered* - 3a2dfdfa
*Deregistered* - a350986b
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\NeroLiveEpgUpdate-Windows-PC_Windows.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Windows\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Windows\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\8ck00ioq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: ALOT Toolbar: toolbar@alot.com - %profile%\extensions\toolbar@alot.com
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.accept-encoding -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-25 00:22:51
ComboFix-quarantined-files.txt 2011-06-25 04:22
ComboFix2.txt 2011-06-23 06:33
.
Pre-Run: 81,986,408,448 bytes free
Post-Run: 81,751,302,144 bytes free
.
- - End Of File - - 5E13B0F69BA2A949FDCDFF1FAE711CFD

#11 ZainulAbideen


Posted 24 June 2011 - 11:30 PM

and computer seems to be better now....

#12 gringo_pr


Posted 24 June 2011 - 11:53 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.3

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 ZainulAbideen


Posted 25 June 2011 - 04:09 PM

Hello, I really appreciate your help and time you are spending to clean my computer.

Log From MBAM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6949

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/25/2011 4:55:45 PM
mbam-log-2011-06-25 (16-55-45).txt

Scan type: Quick scan
Objects scanned: 175195
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Report from Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:17 PM, on 6/25/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\rogers\selfhealing\shs.exe
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Windows\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Device Monitor 3.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Windows\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Windows\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vjage.com/download/vjocx-en.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Rogers Online Protection (Radialpoint Security Services) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Rogers Online Protection Firewall (RP_FWS) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
O23 - Service: Rogers Backup Manager Service (VaultClientSRV) - Radialpoint SafeCare Inc. - C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
O23 - Service: Rogers Backup Manager Upgrade Service (VaultClientUpgrade) - Radialpoint SafeCare Inc. - C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe

--
End of file - 9165 bytes


Computer is working a lot better now.

Edited by ZainulAbideen, 25 June 2011 - 04:14 PM.


#14 gringo_pr


Posted 25 June 2011 - 06:03 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
      O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
      O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Device Monitor 3.lnk = ?
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Gringo
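As an added example (not part of the original posts and not HijackThis's own code): a small Python parser for the O4 autorun lines discussed in the post above. It pulls out the name between the brackets for lookup, splits the command into image path and arguments, and attaches triage notes. The sample lines are copied from the log in this topic; the function names and the three notes are assumptions of this example, and a note marks an entry for a closer look rather than giving a verdict.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this topic.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
O4 - HKCU\..\Run: [cdloader] "C:\Users\Windows\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Device Monitor 3.lnk = ?
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Registry autoruns look like: O4 - HKLM\..\Run: [Name] command
REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Startup-folder shortcuts look like: O4 - Global Startup: Name.lnk = target
LNK_RE = re.compile(r"^O4 - (Startup|Global Startup): (.+?) = (.+)$")
# The image path is either quoted or runs up to the first executable extension.
IMAGE_RE = re.compile(r'^"([^"]+)"\s*(.*)$|^(.+?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$', re.I)

def split_command(command):
    """Split an autorun command into (image path, arguments)."""
    m = IMAGE_RE.match(command)
    if m and m.group(1) is not None:
        return m.group(1), m.group(2)
    if m:
        return m.group(3), m.group(4) or ""
    return command, ""

def parse_o4(log_text):
    """Return one dict per O4 line; every other HijackThis section is skipped."""
    entries = []
    for line in log_text.splitlines():
        reg, lnk = REG_RE.match(line), LNK_RE.match(line)
        if reg:
            location, name, command = f"{reg.group(1)} {reg.group(2)}", reg.group(3), reg.group(4)
        elif lnk:
            location, name, command = lnk.groups()
        else:
            continue
        image, args = split_command(command)
        # Triage notes are this example's own heuristics (assumptions), not verdicts.
        checks = [(command == "?", "target unresolved"),
                  ("\\appdata\\" in image.lower(), "user-writable path"),
                  ("~" in image, "8.3 short path")]
        notes = [label for hit, label in checks if hit]
        entries.append({"location": location, "name": name, "image": image, "args": args, "notes": notes})
    return entries

if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        print(f'{e["location"]:<15} [{e["name"]}] {e["image"]} {e["notes"]}')
```
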

#15 ZainulAbideen


Posted 26 June 2011 - 11:44 PM

ESET ONLINE SCANNER LOG

C:\Program Files\yu2011setupcnet7.3.2011.2.exe Win32/Toolbar.Zugo application
C:\Users\Windows\for usb\All 3Planesoft 3D Screensavers\tower.exe probably a variant of Win32/PSW.LdPinch.YZBWFI trojan
C:\Windows\Downloaded Installations\{6674FEC9-7EB0-4BAF-9391-06E15D0EBB3C}\MyFantasyMaker.msi probably a variant of Win32/Agent.FBVCZFA trojan
D:\documents\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application



