Trojan filling up C Drive


  • This topic is locked
25 replies to this topic

#1 puptitch


Posted 20 June 2011 - 12:08 AM

Hi,

Firstly let me say I only recently came across this site and I think it's a fantastic idea and you guys are doing a great job!!

I have a virus that I think I have had for a little while but which I ignored for a fair amount of time.

I have little to no space left on my C drive (2 GB at the moment) and I have defragmented the drive, uninstalled all unwanted programmes and taken loads of my docs off the laptop.

Each time I free up a few GB of space it becomes filled in a few hours or days and I've no idea how this is happening.

About a month ago I found a load of .txt files named Z.txt, ZZ.txt, ZZZ.txt and so on and deleted them to free up about 5 GB, and I find files with names like {67DABFBF-D0AB-41FA-9C46-CC0F21721616} when I do virus scans, but the scanners skip past them.

Occasionally I get a blue screen and my laptop crashes, but it happens too quickly to see what it says.

Also, I appear unable to turn on Windows Defender; I don't know if this is related.

Again, this is a fantastic site... thanks a bunch you guys/gals, if I could I'd buy ya a huge box of choccies :P



.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18943
Run by Arthu Dyer at 23:12:17 on 2011-06-19
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\CNAB4RPK.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\vVX1000.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Arthu Dyer\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uStart Page = hxxp://www.bing.com?FORM=M00UUK&Publ=BING&Crea=BAWL_SS1HP_1X1
uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3597EB3B-C2C4-4CA5-882B-CB6F4FC3DBE1} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate1cad5df84f9ff00;Google Update Service (gupdate1cad5df84f9ff00)
R? gupdatem;Google Update Service (gupdatem)
R? SASENUM;SASENUM
R? wlcrasvc;Windows Live Mesh remote connections service
R? WMZuneComm;Zune Windows Mobile Connectivity Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? FontCache;Windows Font Cache Service
S? IDSvix86;Symantec Intrusion Prevention Driver
S? IKFileSec;File Security Driver
S? IKSysFlt;System Filter Driver
S? IKSysSec;System Security Driver
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? mchInjDrv;madCodeHook DLL injection driver
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl06528697;MpKsl06528697
S? MpKsl91ed609c;MpKsl91ed609c
S? MpKslaa12ed40;MpKslaa12ed40
S? MpKsle4ad32a7;MpKsle4ad32a7
S? MpNWMon;Microsoft Malware Protection Network Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher
S? PCCUJobMgr;Common Client Job Manager Service
S? RapportBuka;RapportBuka
S? RapportCerberus_26762;RapportCerberus_26762
S? RapportEI;RapportEI
S? RapportKELL;RapportKELL
S? RapportMgmtService;Rapport Management Service
S? RapportPG;RapportPG
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? Symantec Core LC;Symantec Core LC
S? SYMNDISV;SYMNDISV
.
=============== Created Last 30 ================
.
2011-06-19 22:02:59 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2bde0210-2ad8-4f23-84c6-173f28ed1693}\MpKsle4ad32a7.sys
2011-06-19 21:57:17 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2bde0210-2ad8-4f23-84c6-173f28ed1693}\mpengine.dll
2011-06-19 21:12:42 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8515415b-c1cf-4418-bb89-8d744aa6b5fb}\MpKslaa12ed40.sys
2011-06-19 21:00:56 -------- dc----w- c:\users\arthu dyer\appdata\local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}
2011-06-19 07:47:24 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8515415b-c1cf-4418-bb89-8d744aa6b5fb}\MpKsl91ed609c.sys
2011-06-18 21:57:03 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8515415b-c1cf-4418-bb89-8d744aa6b5fb}\MpKsl06528697.sys
2011-06-18 19:59:43 -------- dc----w- c:\users\arthu dyer\appdata\local\{E2E051D0-B549-4830-B83C-C651053A0E5E}
2011-06-18 16:30:51 6962000 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8515415b-c1cf-4418-bb89-8d744aa6b5fb}\mpengine.dll
2011-06-17 00:52:22 -------- dc----w- c:\users\arthu dyer\appdata\local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}
2011-06-16 08:46:57 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 08:46:56 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 08:46:55 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 08:46:45 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 08:46:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-16 08:46:27 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 08:46:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 08:46:05 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 08:46:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 08:45:55 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 08:45:44 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-06-15 21:28:23 -------- dc----w- c:\users\arthu dyer\appdata\local\{59835181-4CE7-45E7-B039-3166EE934393}
2011-06-14 20:37:35 -------- dc----w- c:\users\arthu dyer\appdata\local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}
2011-06-14 08:37:07 -------- dc----w- c:\users\arthu dyer\appdata\local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}
2011-06-13 19:52:04 -------- dc----w- c:\users\arthu dyer\appdata\local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}
2011-06-12 21:52:27 -------- dc----w- c:\users\arthu dyer\appdata\local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}
2011-06-11 18:18:10 -------- dc----w- c:\users\arthu dyer\appdata\local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}
2011-06-10 22:53:59 -------- dc----w- c:\users\arthu dyer\appdata\local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}
2011-06-09 20:04:31 -------- dc----w- c:\users\arthu dyer\appdata\local\{6CB05047-FB4D-47BB-A14A-E96100443178}
2011-06-08 15:26:06 -------- dc----w- c:\users\arthu dyer\appdata\local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}
2011-06-07 23:13:28 -------- dc----w- c:\users\arthu dyer\appdata\local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}
2011-06-07 21:19:11 -------- dc----w- c:\users\arthu dyer\appdata\local\Tific
2011-06-07 21:19:10 -------- dc----w- c:\users\arthu dyer\appdata\roaming\Tific
2011-06-06 21:50:03 -------- dc----w- c:\users\arthu dyer\appdata\local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}
2011-06-06 07:14:04 -------- d-----w- c:\windows\Standalone System Sweeper
2011-06-05 22:08:32 -------- dc----w- c:\users\arthu dyer\appdata\local\VirtualStore
2011-05-27 14:58:54 -------- d-----w- c:\program files\Plasm
2011-05-21 08:22:44 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2734eb4e-dcd8-45e9-a14e-ea3e24eff3f8}\gapaengine.dll
.
==================== Find3M ====================
.
2011-06-19 21:14:51 2560 ----a-w- c:\windows\system32\drivers\mchInjDrv.sys
2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
============= FINISH: 23:33:00.20 ===============

Attached Files

  • Attached File  DDS.txt   18.92KB   0 downloads
  • Attached File  GMER.log   417.19KB   2 downloads




#2 m0le


Posted 28 June 2011 - 06:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 puptitch


Posted 29 June 2011 - 02:17 AM

Hi m0le,

Thanks for your response! I am here and awaiting your orders!!!

puptitch

#4 m0le


Posted 29 June 2011 - 05:29 PM

Can you start by running these two programs to check for rootkits?

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 puptitch


Posted 30 June 2011 - 03:00 PM

Hi, please find attached the results.

The TDSS found nothing and I don't understand the other one :P!!


2011/06/29 23:39:27.0212 8228 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 23:39:29.0219 8228 ================================================================================
2011/06/29 23:39:29.0219 8228 SystemInfo:
2011/06/29 23:39:29.0219 8228
2011/06/29 23:39:29.0219 8228 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/29 23:39:29.0219 8228 Product type: Workstation
2011/06/29 23:39:29.0220 8228 ComputerName: ARTHURDYER-PC
2011/06/29 23:39:29.0227 8228 UserName: Arthu Dyer
2011/06/29 23:39:29.0227 8228 Windows directory: C:\Windows
2011/06/29 23:39:29.0227 8228 System windows directory: C:\Windows
2011/06/29 23:39:29.0227 8228 Processor architecture: Intel x86
2011/06/29 23:39:29.0227 8228 Number of processors: 2
2011/06/29 23:39:29.0227 8228 Page size: 0x1000
2011/06/29 23:39:29.0227 8228 Boot type: Normal boot
2011/06/29 23:39:29.0227 8228 ================================================================================
2011/06/29 23:39:59.0135 8228 Initialize success
2011/06/29 23:40:04.0449 8440 ================================================================================
2011/06/29 23:40:04.0449 8440 Scan started
2011/06/29 23:40:04.0449 8440 Mode: Manual;
2011/06/29 23:40:04.0450 8440 ================================================================================
2011/06/29 23:41:56.0340 8440 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/29 23:41:59.0235 8440 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/29 23:42:01.0434 8440 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/29 23:42:03.0638 8440 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/29 23:42:05.0729 8440 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/29 23:42:07.0986 8440 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/29 23:42:10.0600 8440 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/29 23:42:12.0533 8440 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/29 23:42:15.0287 8440 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/06/29 23:42:16.0352 8440 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys
2011/06/29 23:42:16.0794 8440 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys
2011/06/29 23:42:17.0391 8440 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/29 23:42:18.0562 8440 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/29 23:42:19.0082 8440 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/29 23:42:19.0450 8440 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/29 23:42:19.0800 8440 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/29 23:42:20.0595 8440 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/29 23:42:20.0772 8440 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/06/29 23:42:21.0281 8440 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/29 23:42:21.0618 8440 mchInjDrv (9971aa2d16cb558358d6f6f3b5055cba) C:\Windows\system32\Drivers\mchInjDrv.sys
2011/06/29 23:42:22.0380 8440 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/29 23:42:22.0696 8440 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/29 23:42:22.0845 8440 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/29 23:42:23.0237 8440 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/29 23:42:23.0678 8440 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/06/29 23:42:23.0930 8440 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/29 23:42:24.0164 8440 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/29 23:42:24.0246 8440 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/29 23:42:32.0921 8440 MpKslb60c9c4e (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5251A21D-2308-4C7E-8E2E-F781504679CA}\MpKslb60c9c4e.sys
2011/06/29 23:42:35.0319 8440 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/29 23:42:35.0420 8440 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/29 23:42:35.0724 8440 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/29 23:42:36.0058 8440 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/29 23:42:36.0437 8440 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/29 23:42:37.0640 8440 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/29 23:42:38.0490 8440 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/29 23:42:38.0923 8440 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/29 23:42:39.0339 8440 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/29 23:42:39.0597 8440 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/29 23:42:39.0774 8440 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/29 23:42:40.0079 8440 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/29 23:42:40.0417 8440 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/29 23:42:40.0585 8440 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/29 23:42:40.0934 8440 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/29 23:42:41.0480 8440 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/29 23:42:41.0777 8440 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/29 23:42:42.0046 8440 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/06/29 23:42:42.0292 8440 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/29 23:42:42.0651 8440 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/29 23:42:42.0988 8440 NAVENG (b6c1825fcccf6d981627c983e16dfc29) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071119.003\NAVENG.SYS
2011/06/29 23:42:43.0222 8440 NAVEX15 (8e54570b4dfd8e1f0b7a5266737bfee5) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071119.003\NAVEX15.SYS
2011/06/29 23:42:44.0027 8440 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/29 23:42:44.0420 8440 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/29 23:42:44.0594 8440 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/29 23:42:44.0854 8440 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/29 23:42:45.0089 8440 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/29 23:42:45.0421 8440 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/29 23:42:45.0795 8440 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/29 23:42:46.0273 8440 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/29 23:42:46.0471 8440 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/29 23:42:46.0744 8440 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/29 23:42:47.0052 8440 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/29 23:42:47.0414 8440 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/29 23:42:47.0775 8440 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/29 23:42:47.0943 8440 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/29 23:42:48.0246 8440 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/29 23:42:48.0432 8440 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/29 23:42:48.0665 8440 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/29 23:42:49.0098 8440 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/29 23:42:49.0526 8440 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/29 23:42:49.0692 8440 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/29 23:42:49.0964 8440 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/29 23:42:50.0314 8440 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/06/29 23:42:50.0716 8440 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/29 23:42:51.0112 8440 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/29 23:42:51.0392 8440 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/29 23:42:51.0779 8440 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/29 23:42:52.0429 8440 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/29 23:42:52.0608 8440 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/29 23:42:52.0941 8440 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/29 23:42:53.0137 8440 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/29 23:42:53.0506 8440 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/29 23:42:53.0919 8440 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/29 23:42:54.0206 8440 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\Windows\system32\drivers\RapportBuka.sys
2011/06/29 23:42:55.0487 8440 RapportCerberus_26762 (7bf4f7e3ff7067b80b7d3d1e031bcb0e) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys
2011/06/29 23:42:55.0689 8440 RapportEI (1602ff4aec5c2246ac387e49e474dd7b) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/06/29 23:42:55.0944 8440 RapportKELL (12031844f5ad4126eab4c410623f7789) C:\Windows\system32\Drivers\RapportKELL.sys
2011/06/29 23:42:56.0275 8440 RapportPG (1c303f85986c3dfcb01cc67f185c32e5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/06/29 23:42:56.0596 8440 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/29 23:42:56.0790 8440 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/29 23:42:57.0096 8440 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/29 23:42:57.0392 8440 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/29 23:42:57.0743 8440 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/29 23:42:58.0044 8440 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/29 23:42:58.0272 8440 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/29 23:42:58.0545 8440 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/29 23:42:58.0793 8440 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/29 23:42:59.0156 8440 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/29 23:42:59.0344 8440 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/29 23:42:59.0624 8440 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/29 23:42:59.0945 8440 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/29 23:43:00.0134 8440 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/06/29 23:43:00.0374 8440 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/29 23:43:01.0216 8440 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/06/29 23:43:01.0353 8440 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/06/29 23:43:01.0618 8440 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/29 23:43:01.0913 8440 sdbus (5bafd52831ea802f8d3940f5c92fdeec) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/29 23:43:02.0272 8440 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/29 23:43:02.0718 8440 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/29 23:43:02.0979 8440 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/29 23:43:03.0217 8440 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/29 23:43:03.0734 8440 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/29 23:43:04.0036 8440 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/29 23:43:04.0310 8440 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/29 23:43:04.0449 8440 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/29 23:43:04.0772 8440 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/29 23:43:05.0073 8440 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/29 23:43:05.0462 8440 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/29 23:43:05.0706 8440 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/29 23:43:06.0723 8440 SNPSTD3 (1a8fd3a68d99c23baac159bb6b4dc17b) C:\Windows\system32\DRIVERS\snpstd3.sys
2011/06/29 23:43:13.0656 8440 SPBBCDrv (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/06/29 23:43:15.0131 8440 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/29 23:43:16.0146 8440 SRTSP (fa31991f172117b16c003f4925346618) C:\Windows\system32\Drivers\SRTSP.SYS
2011/06/29 23:43:17.0755 8440 SRTSPL (3fe51ebd01e5a5b31fbf0560c9915349) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/06/29 23:43:18.0100 8440 SRTSPX (d6c028bb553e7a8dfa082360ca09b4c0) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/06/29 23:43:18.0268 8440 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/29 23:43:18.0744 8440 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/29 23:43:19.0349 8440 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/29 23:43:19.0925 8440 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/29 23:43:20.0111 8440 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/29 23:43:20.0437 8440 SYMDNS (a16d76baa5d2cbe45c57fa582c1208e5) C:\Windows\System32\Drivers\SYMDNS.SYS
2011/06/29 23:43:20.0603 8440 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/06/29 23:43:20.0941 8440 SYMFW (c64d200569a18ea6c676266dee3ac158) C:\Windows\System32\Drivers\SYMFW.SYS
2011/06/29 23:43:21.0081 8440 SYMIDS (7764d3d7a3c858f04ced3c1f16410d89) C:\Windows\System32\Drivers\SYMIDS.SYS
2011/06/29 23:43:21.0329 8440 SYMNDISV (d193684004658fe4f3f143ca6dd9ef8b) C:\Windows\System32\Drivers\SYMNDISV.SYS
2011/06/29 23:43:21.0473 8440 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/06/29 23:43:21.0686 8440 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/06/29 23:43:21.0897 8440 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/29 23:43:22.0042 8440 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/29 23:43:22.0369 8440 SynTP (21ff75c9351f5c2ac78e106efdb07284) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/29 23:43:22.0834 8440 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/06/29 23:43:23.0179 8440 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/29 23:43:23.0370 8440 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/29 23:43:23.0629 8440 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/06/29 23:43:23.0770 8440 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/29 23:43:23.0939 8440 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/29 23:43:24.0173 8440 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/29 23:43:24.0408 8440 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/29 23:43:24.0755 8440 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/06/29 23:43:25.0224 8440 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/29 23:43:25.0501 8440 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/29 23:43:25.0772 8440 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/29 23:43:26.0064 8440 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/29 23:43:26.0223 8440 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/29 23:43:26.0643 8440 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/29 23:43:28.0191 8440 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/29 23:43:33.0971 8440 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/29 23:43:43.0533 8440 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/29 23:43:52.0886 8440 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/29 23:44:00.0699 8440 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/29 23:44:05.0917 8440 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/06/29 23:44:06.0850 8440 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/29 23:44:07.0726 8440 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/29 23:44:08.0339 8440 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/29 23:44:08.0883 8440 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/29 23:44:09.0564 8440 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/29 23:44:10.0199 8440 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/29 23:44:11.0005 8440 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/29 23:44:11.0707 8440 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/29 23:44:12.0304 8440 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/29 23:44:12.0993 8440 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/29 23:44:13.0843 8440 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/29 23:44:15.0035 8440 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/29 23:44:16.0302 8440 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/29 23:44:16.0895 8440 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/29 23:44:17.0779 8440 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/29 23:44:18.0491 8440 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/29 23:44:19.0168 8440 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/29 23:44:19.0543 8440 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/29 23:44:20.0294 8440 VX1000 (d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys
2011/06/29 23:44:20.0911 8440 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/29 23:44:21.0410 8440 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/29 23:44:21.0575 8440 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/29 23:44:21.0870 8440 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/29 23:44:22.0210 8440 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/29 23:44:22.0964 8440 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/06/29 23:44:23.0725 8440 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/29 23:44:24.0224 8440 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/29 23:44:24.0632 8440 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/29 23:44:25.0174 8440 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/29 23:44:25.0415 8440 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/29 23:44:25.0736 8440 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/29 23:44:25.0814 8440 Boot (0x1200) (7b4b374bab84256c4eb20c31af18b6c6) \Device\Harddisk0\DR0\Partition0
2011/06/29 23:44:25.0864 8440 Boot (0x1200) (88c87e24d296be9f69777f6833687694) \Device\Harddisk0\DR0\Partition1
2011/06/29 23:44:25.0883 8440 ================================================================================
2011/06/29 23:44:25.0883 8440 Scan finished
2011/06/29 23:44:25.0883 8440 ================================================================================
2011/06/29 23:44:25.0934 14088 Detected object count: 0
2011/06/29 23:44:25.0934 14088 Actual detected object count: 0



ASWMBR



aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-30 07:58:37
-----------------------------
07:58:37.307 OS Version: Windows 6.0.6002 Service Pack 2
07:58:37.308 Number of processors: 2 586 0xE0C
07:58:37.313 ComputerName: ARTHURDYER-PC UserName: Arthu Dyer
07:58:43.921 Initialize success
07:59:05.959 AVAST engine defs: 11062900
07:59:24.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:59:24.972 Disk 0 Vendor: TOSHIBA_MK1237GSX DL130M Size: 114473MB BusType: 3
07:59:27.028 Disk 0 MBR read successfully
07:59:27.034 Disk 0 MBR scan
07:59:27.040 Disk 0 unknown MBR code
07:59:29.051 Disk 0 scanning sectors +234438656
07:59:29.095 Disk 0 scanning C:\Windows\system32\drivers
08:00:29.289 Service scanning
08:00:55.734 Disk 0 trace - called modules:
08:00:56.746 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
08:00:56.761 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x91feb7e8]
08:00:56.770 3 CLASSPNP.SYS[92f158b3] -> nt!IofCallDriver -> [0x917288d8]
08:00:57.018 5 acpi.sys[8f48a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x91724840]
08:01:42.329 AVAST engine scan C:\Windows
12:24:31.132 AVAST engine scan C:\Users\Arthu Dyer
13:51:14.935 AVAST engine scan C:\ProgramData
14:24:22.177 Scan finished successfully
20:56:27.354 Disk 0 MBR has been saved successfully to "C:\Users\Arthu Dyer\Desktop\MBR.dat"
20:56:28.866 The log file has been saved successfully to "C:\Users\Arthu Dyer\Desktop\aswMBR.txt"


#6 m0le


Posted 30 June 2011 - 03:14 PM

The aswMBR log doesn't recognise the MBR, so we need to run another scanner.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#7 puptitch


Posted 30 June 2011 - 03:56 PM

here you are..

hope this helps

thanks again for all your help

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: TOSHIBA
System Product Name: Equium L40
Logical Drives Mask: 0x00000034

Kernel Drivers (total 172):
0x9A26A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9A274000 \??\C:\Windows\system32\Drivers\mchInjDrv.sys
0x9A275000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071116.001\IDSvix86.sys
0x9A2A4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9A307000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9A326000 \SystemRoot\System32\Drivers\dfsc.sys
0x9A33D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9A34A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9A355000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x81AD0000 \SystemRoot\System32\win32k.sys
0x9A35D000 \SystemRoot\System32\drivers\Dxapi.sys
0x9A367000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81CF0000 \SystemRoot\System32\TSDDD.dll
0x81D10000 \SystemRoot\System32\cdd.dll
0x9A376000 \SystemRoot\system32\drivers\luafv.sys
0x9A391000 \SystemRoot\system32\drivers\WudfPf.sys
0x81D20000 \SystemRoot\System32\ATMFD.DLL
0x8820D000 \SystemRoot\system32\drivers\spsys.sys
0x882BD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x882CD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x882F7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x88301000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x88314000 \SystemRoot\system32\drivers\HTTP.sys
0x88381000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8839E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x883B7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x883CC000

#8 m0le

Posted 30 June 2011 - 07:12 PM

The log got cut off. Please post it again :)

#9 puptitch


Posted 01 July 2011 - 03:08 AM

oops!!! sorry

here you are


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: TOSHIBA
System Product Name: Equium L40
Logical Drives Mask: 0x00000034

Kernel Drivers (total 173):

Processes (total 87):
0 System Idle Process
4 System
412 C:\Windows\System32\smss.exe
496 C:\Windows\System32\csrss.exe
540 C:\Windows\System32\csrss.exe
548 C:\Windows\System32\wininit.exe
588 C:\Windows\System32\winlogon.exe
628 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
804 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
936 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1076 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1316 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\audiodg.exe
1492 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\SLsvc.exe
1576 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\svchost.exe
1820 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1920 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
2008 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
356 C:\Windows\System32\spoolsv.exe
464 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\agrsmsvc.exe
1560 C:\Program Files\Bonjour\mDNSResponder.exe
1296 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
1612 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
2080 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
2220 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
2332 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
2388 C:\Windows\System32\svchost.exe
2452 C:\Program Files\Spyware Doctor\pctsAuxs.exe
2488 C:\Program Files\Spyware Doctor\pctsSvc.exe
2604 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2672 C:\Windows\System32\svchost.exe
2800 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
3088 C:\Windows\System32\TODDSrv.exe
3224 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3248 C:\Windows\System32\svchost.exe
3296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3372 C:\Windows\System32\SearchIndexer.exe
3396 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3952 C:\Windows\System32\CNAB4RPK.EXE
4060 C:\Windows\System32\taskeng.exe
3108 C:\Windows\System32\svchost.exe
2448 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4048 C:\Program Files\Windows Media Player\wmpnetwk.exe
2316 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2780 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
160 C:\Windows\System32\taskeng.exe
4116 C:\Windows\System32\dwm.exe
4144 C:\Windows\explorer.exe
4452 C:\Program Files\ATK Hotkey\HControl.exe
4680 C:\Program Files\ATK Hotkey\ATKOSD.exe
4728 C:\Windows\System32\wuauclt.exe
4944 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
5040 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
5148 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
5324 C:\Windows\System32\hkcmd.exe
5336 C:\Windows\System32\igfxpers.exe
5424 C:\Windows\vVX1000.exe
5452 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
5464 C:\Program Files\Zune\ZuneLauncher.exe
5472 C:\Program Files\Microsoft Security Client\msseces.exe
5484 C:\Program Files\Spyware Doctor\pctsTray.exe
5496 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
5508 C:\Program Files\Windows Sidebar\sidebar.exe
5520 C:\Windows\ehome\ehtray.exe
5712 C:\Windows\System32\igfxsrvc.exe
5808 C:\Windows\System32\wbem\unsecapp.exe
5860 C:\Windows\System32\wbem\WmiPrvSE.exe
5916 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
4916 C:\Program Files\Windows Sidebar\sidebar.exe
4512 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
5816 C:\Windows\ehome\ehmsas.exe
5184 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
6048 C:\Windows\System32\taskeng.exe
3564 C:\Program Files\Google\Chrome\Application\chrome.exe
6052 C:\Program Files\Google\Chrome\Application\chrome.exe
4308 C:\Program Files\Google\Chrome\Application\chrome.exe
4052 C:\Windows\System32\SearchProtocolHost.exe
3404 C:\Windows\System32\SearchFilterHost.exe
3104 C:\Users\Arthu Dyer\Desktop\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000e`57100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1237GSX, Rev: DL130M

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#10 m0le


Posted 01 July 2011 - 04:44 PM

Okay, that's fine. Let's see what we've got then.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11 puptitch


Posted 02 July 2011 - 12:52 AM

here you are... thanks



ComboFix 11-07-01.01 - Arthu Dyer 01/07/2011 23:39:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1015.243 [GMT 1:00]
Running from: c:\users\Arthu Dyer\Desktop\comfix.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\temp\PRE45
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\security\Database\tmp.edb
c:\windows\system32\no
c:\windows\system32\no\toscdspd.cpl.mui
c:\windows\system32\SV
c:\windows\system32\SV\toscdspd.cpl.mui
c:\windows\system32\sX3i02
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 23:46 . 2011-07-01 23:46 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-07-01 22:18 . 2011-07-01 22:25 -------- d-----w- C:\32788R22FWJFW
2011-07-01 17:36 . 2011-07-01 17:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291}
2011-07-01 09:21 . 2011-07-01 09:21 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA2C442D-BAA7-403C-899B-9C1D3247BE55}\MpKsl871839b9.sys
2011-07-01 06:23 . 2011-07-01 06:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA2C442D-BAA7-403C-899B-9C1D3247BE55}\MpKsl8789ea5f.sys
2011-07-01 06:16 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA2C442D-BAA7-403C-899B-9C1D3247BE55}\mpengine.dll
2011-06-30 20:08 . 2011-06-30 20:08 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355}
2011-06-29 22:03 . 2011-06-29 22:03 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A}
2011-06-29 10:02 . 2011-06-29 10:02 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472}
2011-06-29 06:01 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 22:01 . 2011-06-28 22:02 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37}
2011-06-27 18:44 . 2011-06-27 18:44 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8}
2011-06-27 06:44 . 2011-06-27 06:44 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E}
2011-06-26 18:43 . 2011-06-26 18:43 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8}
2011-06-25 21:14 . 2011-06-25 21:15 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC}
2011-06-24 22:19 . 2011-06-24 22:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579}
2011-06-24 10:18 . 2011-06-24 10:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247}
2011-06-23 22:18 . 2011-06-23 22:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50}
2011-06-22 22:12 . 2011-06-22 22:12 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED}
2011-06-21 22:34 . 2011-06-21 22:35 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F}
2011-06-20 16:31 . 2011-06-20 16:32 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D}
2011-06-19 21:00 . 2011-06-19 21:01 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}
2011-06-18 19:59 . 2011-06-18 19:59 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E}
2011-06-17 00:52 . 2011-06-17 00:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}
2011-06-16 08:46 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 08:46 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 08:46 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 08:46 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 08:46 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-16 08:46 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 08:46 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 08:46 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 08:46 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 08:45 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 08:45 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:28 . 2011-06-15 21:28 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393}
2011-06-14 20:37 . 2011-06-14 20:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}
2011-06-14 08:37 . 2011-06-14 08:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}
2011-06-13 19:52 . 2011-06-13 19:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}
2011-06-12 21:52 . 2011-06-12 21:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}
2011-06-11 18:18 . 2011-06-11 18:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}
2011-06-10 22:53 . 2011-06-10 22:54 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}
2011-06-09 20:04 . 2011-06-09 20:04 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178}
2011-06-08 15:26 . 2011-06-08 15:26 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}
2011-06-07 23:13 . 2011-06-07 23:13 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}
2011-06-07 21:19 . 2011-06-07 21:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\Tific
2011-06-07 21:19 . 2011-06-07 21:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Roaming\Tific
2011-06-06 21:50 . 2011-06-06 21:50 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}
2011-06-06 07:14 . 2011-06-06 07:14 -------- d-----w- c:\windows\Standalone System Sweeper
2011-06-05 22:08 . 2011-06-14 20:45 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\VirtualStore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 09:23 . 2010-06-17 00:37 2560 ----a-w- c:\windows\system32\drivers\mchInjDrv.sys
2011-06-07 15:55 . 2010-07-01 19:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 08:11 . 2008-11-12 23:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2008-11-12 23:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"NDSTray.exe"="NDSTray.exe" [BU]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"VX1000"="c:\windows\vVX1000.exe" [2010-03-12 762736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Arthu Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Voice Recorder SyncServer.lnk - c:\windows\Installer\{A4DAC821-C790-45AC-841A-9D9E3FA7AFAC}\_EC789A19C6C439974EEDE9.exe [2011-3-31 4142]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^camtool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\camtool.lnk
backup=c:\windows\pss\camtool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 09:51 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-09-03 14:07 1576176 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2007-11-28 19:51 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1cad5df84f9ff00;Google Update Service (gupdate1cad5df84f9ff00);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071116.001\IDSvix86.sys [2007-11-06 180272]
S1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\Drivers\mchInjDrv.sys [2011-07-01 2560]
S1 MpKsl871839b9;MpKsl871839b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA2C442D-BAA7-403C-899B-9C1D3247BE55}\MpKsl871839b9.sys [2011-07-01 28752]
S1 MpKsl8789ea5f;MpKsl8789ea5f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA2C442D-BAA7-403C-899B-9C1D3247BE55}\MpKsl8789ea5f.sys [2011-07-01 28752]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-06 390528]
S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-13 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2010-12-15 120248]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-09-15 112688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MPKSL871839B9
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 23:18]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 23:18]
.
2011-06-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Arthu Dyer.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
2011-07-02 c:\windows\Tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
2011-07-01 c:\windows\Tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?FORM=M00UUK&Publ=BING&Crea=BAWL_SS1HP_1X1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
AddRemove-Switch - c:\program files\NCH Swift Sound\Switch\uninst.exe
AddRemove-{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1 - c:\program files\WAV MP3 Converter 4\unins000.exe
AddRemove-Adobe Digital Editions - c:\users\arthu dyer\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\digitaleditions1x5\digitaleditions1x5.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-02 00:49
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-02 01:15:14
ComboFix-quarantined-files.txt 2011-07-02 00:14
.
Pre-Run: 2,241,884,160 bytes free
Post-Run: 1,955,872,768 bytes free
.
- - End Of File - - 2DCFE9543DCFAA2ABFC58EA5AEC668B4

#12 m0le


Posted 02 July 2011 - 04:00 AM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291}
c:\users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355}
c:\users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A}
c:\users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472}
c:\users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37}
c:\users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8}
c:\users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E}
c:\users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8}
c:\users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC}
c:\users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579}
c:\users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247}
c:\users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50}
c:\users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED}
c:\users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F}
c:\users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D}
c:\users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}
c:\users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E}
c:\users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}
c:\users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393}
c:\users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}
c:\users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}
c:\users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}
c:\users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}
c:\users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}
c:\users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}
c:\users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178}
c:\users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}
c:\users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}
c:\users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#13 puptitch

  • Topic Starter


Posted 02 July 2011 - 11:54 PM

here you are



ComboFix 11-07-02.02 - Arthu Dyer 02/07/2011 21:36:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1015.249 [GMT 1:00]
Running from: c:\users\Arthu Dyer\Desktop\comfix.exe.exe
Command switches used :: c:\users\Arthu Dyer\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D}"
"c:\users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247}"
"c:\users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}"
"c:\users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F}"
"c:\users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579}"
"c:\users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291}"
"c:\users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC}"
"c:\users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393}"
"c:\users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}"
"c:\users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472}"
"c:\users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}"
"c:\users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED}"
"c:\users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}"
"c:\users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178}"
"c:\users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}"
"c:\users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}"
"c:\users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}"
"c:\users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A}"
"c:\users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355}"
"c:\users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}"
"c:\users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8}"
"c:\users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}"
"c:\users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8}"
"c:\users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37}"
"c:\users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50}"
"c:\users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}"
"c:\users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E}"
"c:\users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E}"
"c:\users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\comfix.exe
c:\comfix.exe\023.dat
c:\comfix.exe\023v.dat
c:\comfix.exe\023w7.dat
c:\comfix.exe\AppDataFile.cfx
c:\comfix.exe\AppDataFolder.cfx
c:\comfix.exe\appinit.bad
c:\comfix.exe\asp.str
c:\comfix.exe\Assoc.cmd
c:\comfix.exe\ATTRIB.cfxxe
c:\comfix.exe\Auto-RC.cmd
c:\comfix.exe\av.cmd
c:\comfix.exe\av.vbs
c:\comfix.exe\AWF.cmd
c:\comfix.exe\badclsid.c
c:\comfix.exe\Boot-Rk.cmd
c:\comfix.exe\Boot.bat
c:\comfix.exe\BootDrv.vbs
c:\comfix.exe\c.bat
c:\comfix.exe\c.mrk
c:\comfix.exe\Catch-sub.cmd
c:\comfix.exe\catchme.cfxxe
c:\comfix.exe\CCS.bat
c:\comfix.exe\CF-Script.cmd
c:\comfix.exe\CF11155.cfxxe
c:\comfix.exe\CHCP.bat
c:\comfix.exe\clsid.c
c:\comfix.exe\Combobatch.bat
c:\comfix.exe\ComboFix-Download.cfxxe
c:\comfix.exe\Create.cmd
c:\comfix.exe\Creg.dat
c:\comfix.exe\CregC.cmd
c:\comfix.exe\CregC.dat
c:\comfix.exe\CSCRIPT.cfxxe
c:\comfix.exe\CSet.cmd
c:\comfix.exe\dd.cfxxe
c:\comfix.exe\ddsDo.sed
c:\comfix.exe\DelClsid.bat
c:\comfix.exe\DelClsid64.bat
c:\comfix.exe\desktop.ini
c:\comfix.exe\DesktopFile.cfx
c:\comfix.exe\DisclaimED.dat
c:\comfix.exe\DPF.str
c:\comfix.exe\DrvRun.vbs
c:\comfix.exe\dumphive.cfxxe
c:\comfix.exe\embedded.sed
c:\comfix.exe\en-GB\ATTRIB.cfxxe.mui
c:\comfix.exe\en-GB\CF11155.cfxxe.mui
c:\comfix.exe\en-GB\CMD.cfxxe.mui
c:\comfix.exe\en-GB\CSCRIPT.cfxxe.mui
c:\comfix.exe\en-GB\PING.cfxxe.mui
c:\comfix.exe\en-GB\REGT.cfxxe.mui
c:\comfix.exe\en-GB\ROUTE.cfxxe.mui
c:\comfix.exe\en-US\ATTRIB.cfxxe.mui
c:\comfix.exe\en-US\CF11155.cfxxe.mui
c:\comfix.exe\en-US\cmd.cfxxe.mui
c:\comfix.exe\en-US\CSCRIPT.cfxxe.mui
c:\comfix.exe\en-US\PING.cfxxe.mui
c:\comfix.exe\en-US\REGT.cfxxe.mui
c:\comfix.exe\en-US\ROUTE.cfxxe.mui
c:\comfix.exe\ERDNT.e_e
c:\comfix.exe\ERDNTDOS.LOC
c:\comfix.exe\ERDNTWIN.LOC
c:\comfix.exe\ERUNT.cfxxe
c:\comfix.exe\erunt.dat
c:\comfix.exe\ERUNT.LOC
c:\comfix.exe\Exe.reg
c:\comfix.exe\extract.cfxxe
c:\comfix.exe\FavoriteFolder.cfx
c:\comfix.exe\FavoritesFile.cfx
c:\comfix.exe\FD-SV.cmd
c:\comfix.exe\ffdefstr.dll
c:\comfix.exe\FileKill.cfxxe
c:\comfix.exe\files.pif
c:\comfix.exe\Fin.dat
c:\comfix.exe\FIND3M.bat
c:\comfix.exe\FIXLSP.bat
c:\comfix.exe\FKMGen.cmd
c:\comfix.exe\ForeignWht
c:\comfix.exe\GetHive.cmd
c:\comfix.exe\grep.cfxxe
c:\comfix.exe\gsar.cfxxe
c:\comfix.exe\handle.cfxxe
c:\comfix.exe\HDPEInfo.cfxxe
c:\comfix.exe\hidec.cfxxe
c:\comfix.exe\history.bat
c:\comfix.exe\hwid.pif
c:\comfix.exe\iexplore.exe
c:\comfix.exe\image001.gif
c:\comfix.exe\Imefile.dat
c:\comfix.exe\Install-RC.cmd
c:\comfix.exe\katch.cmd
c:\comfix.exe\Kill-All.cmd
c:\comfix.exe\kmd.dat
c:\comfix.exe\Lang.bat
c:\comfix.exe\List-B.bat
c:\comfix.exe\List-C.bat
c:\comfix.exe\List-D.bat
c:\comfix.exe\List.bat
c:\comfix.exe\lnkread.vbs
c:\comfix.exe\LocalAppDataFile.cfx
c:\comfix.exe\LocalAppDataFolder.cfx
c:\comfix.exe\LocalService.dat
c:\comfix.exe\LocalServiceNetworkRestricted.dat
c:\comfix.exe\LocalSettingsFile.cfx
c:\comfix.exe\LocalSystemNetworkRestricted.dat
c:\comfix.exe\mbr.cfxxe
c:\comfix.exe\mbr.chk
c:\comfix.exe\md5sum.pif
c:\comfix.exe\Mirrors
c:\comfix.exe\MoveIt.bat
c:\comfix.exe\mtee.cfxxe
c:\comfix.exe\MtPt00
c:\comfix.exe\MUI
c:\comfix.exe\mynul.dat
c:\comfix.exe\N_\13220
c:\comfix.exe\N_\1372
c:\comfix.exe\N_\13860
c:\comfix.exe\N_\15495
c:\comfix.exe\N_\16206
c:\comfix.exe\N_\19347
c:\comfix.exe\N_\19865
c:\comfix.exe\N_\21592
c:\comfix.exe\N_\22772
c:\comfix.exe\N_\29362
c:\comfix.exe\N_\30712
c:\comfix.exe\N_\31311
c:\comfix.exe\N_\3522
c:\comfix.exe\N_\4373
c:\comfix.exe\N_\4877
c:\comfix.exe\N_\574
c:\comfix.exe\N_\8468
c:\comfix.exe\N_\8725
c:\comfix.exe\N_\8896
c:\comfix.exe\N_\pingtest
c:\comfix.exe\ncmd.com
c:\comfix.exe\ND_.bat
c:\comfix.exe\ND_64.bat
c:\comfix.exe\ndis_combofix.dat
c:\comfix.exe\netsvc.bad.dat
c:\comfix.exe\netsvc.dat
c:\comfix.exe\netsvc.vista.dat
c:\comfix.exe\netsvc.xp.dat
c:\comfix.exe\NetworkService.dat
c:\comfix.exe\NirCmd.cfxxe
c:\comfix.exe\NircmdB.exe
c:\comfix.exe\NirCmdC.cfxxe
c:\comfix.exe\NIRKMD.cfxxe
c:\comfix.exe\NlsLanguageDefault
c:\comfix.exe\NT-OS.cmd
c:\comfix.exe\NULL
c:\comfix.exe\OSid.vbs
c:\comfix.exe\pausep.cfxxe
c:\comfix.exe\PersonalFile.cfx
c:\comfix.exe\PersonalFolder.cfx
c:\comfix.exe\pev.cfxxe
c:\comfix.exe\pevb.cfxxe
c:\comfix.exe\PING.cfxxe
c:\comfix.exe\Policies.dat
c:\comfix.exe\powp.dat
c:\comfix.exe\Prep.inf
c:\comfix.exe\ProfilesFile.cfx
c:\comfix.exe\ProfilesFolder.cfx
c:\comfix.exe\ProgramsFile.cfx
c:\comfix.exe\ProgramsFolder.cfx
c:\comfix.exe\Purity.dat
c:\comfix.exe\PV.cfxxe
c:\comfix.exe\pv.com
c:\comfix.exe\rar_sfx.cmd
c:\comfix.exe\RCLink.dat
c:\comfix.exe\REGDACL.sed
c:\comfix.exe\RegDo.sed
c:\comfix.exe\region.dat
c:\comfix.exe\RegScan.cmd
c:\comfix.exe\RegScan64.cmd
c:\comfix.exe\Resident.txt
c:\comfix.exe\restore_pt.vbs
c:\comfix.exe\Rkey.cmd
c:\comfix.exe\rmbr.cfxxe
c:\comfix.exe\rogues.dat
c:\comfix.exe\ROUTE.cfxxe
c:\comfix.exe\run2.sed
c:\comfix.exe\Rust.str
c:\comfix.exe\s0rt.cfxxe
c:\comfix.exe\safeboot.dat
c:\comfix.exe\safeboot.def.dat
c:\comfix.exe\safeboot.def.vista.dat
c:\comfix.exe\Safeboot.def.w7.dat
c:\comfix.exe\sed.cfxxe
c:\comfix.exe\SetEnvmt.bat
c:\comfix.exe\setpath.cfxxe
c:\comfix.exe\setpath_N.cmd
c:\comfix.exe\SF.exe
c:\comfix.exe\sfx.cmd
c:\comfix.exe\SnapShot.cmd
c:\comfix.exe\SRestore.cmd
c:\comfix.exe\srizbi.md5
c:\comfix.exe\Start_dat
c:\comfix.exe\StartMenuFile.cfx
c:\comfix.exe\StartMenuFolder.cfx
c:\comfix.exe\StartUpFile.cfx
c:\comfix.exe\SuppScan.cmd
c:\comfix.exe\svc_wht.dat
c:\comfix.exe\SvcDrv.vbs
c:\comfix.exe\svchost.dat
c:\comfix.exe\svchost.vista.dat
c:\comfix.exe\svchost.vista.x64.dat
c:\comfix.exe\svchost.w7.dat
c:\comfix.exe\svchost.w7.x64.dat
c:\comfix.exe\swreg.cfxxe
c:\comfix.exe\swsc.cfxxe
c:\comfix.exe\swxcacls.cfxxe
c:\comfix.exe\system_ini.dat
c:\comfix.exe\tail.cfxxe
c:\comfix.exe\TemplatesFile.cfx
c:\comfix.exe\TemplatesFolder.cfx
c:\comfix.exe\toolbar.sed
c:\comfix.exe\Update-CF.cmd
c:\comfix.exe\VerCF.bat
c:\comfix.exe\version.txt
c:\comfix.exe\VikPev00
c:\comfix.exe\VInfo
c:\comfix.exe\VInfo2
c:\comfix.exe\VINFO3
c:\comfix.exe\Vipev.dat
c:\comfix.exe\Vista.krl
c:\comfix.exe\Vista.mac
c:\comfix.exe\vistaMcode.dat
c:\comfix.exe\vistareg.dat
c:\comfix.exe\vun.dat
c:\comfix.exe\VwinTemp.dacl
c:\comfix.exe\w_sock.dll
c:\comfix.exe\w2k_sock.dll
c:\comfix.exe\w2kreg.dat
c:\comfix.exe\w7Mcode.dat
c:\comfix.exe\w7reg.dat
c:\comfix.exe\Wmi_rem.vbs
c:\comfix.exe\xpmcode.dat
c:\comfix.exe\xpreg.dat
c:\comfix.exe\XPSBoot.reg
c:\comfix.exe\zDomain.dat
c:\comfix.exe\zhsvc.dat
c:\comfix.exe\zip.cfxxe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
.
.
2011-07-02 22:31 . 2011-07-02 22:31 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-07-02 09:35 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFF14E03-7659-4990-9C74-5BE2492C19F1}\mpengine.dll
2011-07-01 17:36 . 2011-07-01 17:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{3F6AC618-0C96-4529-B5F2-1B23C4130291}
2011-06-30 20:08 . 2011-06-30 20:08 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{A48AE574-BED4-43B7-8CCF-41FF49390355}
2011-06-29 22:03 . 2011-06-29 22:03 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{9C722DB9-B638-48BF-A742-14F1D0AAF14A}
2011-06-29 10:02 . 2011-06-29 10:02 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59F2207E-7872-4D84-A8B4-87F3BAA98472}
2011-06-29 06:01 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 22:01 . 2011-06-28 22:02 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{C784C3EA-AED8-46E1-87B0-FCFA08494F37}
2011-06-27 18:44 . 2011-06-27 18:44 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8}
2011-06-27 06:44 . 2011-06-27 06:44 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{DD400900-C588-472C-A2D6-AE762076EF5E}
2011-06-26 18:43 . 2011-06-26 18:43 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8}
2011-06-25 21:14 . 2011-06-25 21:15 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{4A317B6C-15E5-4C03-8526-03BDE187DDBC}
2011-06-24 22:19 . 2011-06-24 22:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{2BFFA91E-A287-4CF0-8034-83AEEA2B1579}
2011-06-24 10:18 . 2011-06-24 10:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247}
2011-06-23 22:18 . 2011-06-23 22:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{CA5A511F-9D2D-4FDA-80EA-94360300AE50}
2011-06-22 22:12 . 2011-06-22 22:12 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED}
2011-06-21 22:34 . 2011-06-21 22:35 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{2A7A6530-A9C2-4022-8D90-A6362049099F}
2011-06-20 16:31 . 2011-06-20 16:32 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{095A699F-D510-40A1-B1A7-DE0A5892EF5D}
2011-06-19 21:00 . 2011-06-19 21:01 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399}
2011-06-18 19:59 . 2011-06-18 19:59 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{E2E051D0-B549-4830-B83C-C651053A0E5E}
2011-06-17 00:52 . 2011-06-17 00:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{233D9C26-525F-44C1-B0BA-45F0D6B8591A}
2011-06-16 08:46 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 08:46 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 08:46 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 08:46 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 08:46 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-16 08:46 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 08:46 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 08:46 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 08:46 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 08:45 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 08:45 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:28 . 2011-06-15 21:28 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59835181-4CE7-45E7-B039-3166EE934393}
2011-06-14 20:37 . 2011-06-14 20:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C}
2011-06-14 08:37 . 2011-06-14 08:37 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0}
2011-06-13 19:52 . 2011-06-13 19:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF}
2011-06-12 21:52 . 2011-06-12 21:52 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{F9381C5A-DD94-4F14-A64C-75E883F2E454}
2011-06-11 18:18 . 2011-06-11 18:18 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF}
2011-06-10 22:53 . 2011-06-10 22:54 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{BD0C291E-E399-496B-B482-3B7A9C386DB5}
2011-06-09 20:04 . 2011-06-09 20:04 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{6CB05047-FB4D-47BB-A14A-E96100443178}
2011-06-08 15:26 . 2011-06-08 15:26 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{5FFAA2C9-D699-42F9-8B63-CEFD337A978F}
2011-06-07 23:13 . 2011-06-07 23:13 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{8AF12DED-D6F1-4944-B410-FA278BC465BA}
2011-06-07 21:19 . 2011-06-07 21:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\Tific
2011-06-07 21:19 . 2011-06-07 21:19 -------- dc----w- c:\users\Arthu Dyer\AppData\Roaming\Tific
2011-06-06 21:50 . 2011-06-06 21:50 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\{A7742DEC-93A2-4610-AC21-8CEC2E88FC23}
2011-06-06 07:14 . 2011-06-06 07:14 -------- d-----w- c:\windows\Standalone System Sweeper
2011-06-05 22:08 . 2011-06-14 20:45 -------- dc----w- c:\users\Arthu Dyer\AppData\Local\VirtualStore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 09:23 . 2010-06-17 00:37 2560 ----a-w- c:\windows\system32\drivers\mchInjDrv.sys
2011-06-07 15:55 . 2010-07-01 19:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 08:11 . 2008-11-12 23:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2008-11-12 23:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"NDSTray.exe"="NDSTray.exe" [BU]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"VX1000"="c:\windows\vVX1000.exe" [2010-03-12 762736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Arthu Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Voice Recorder SyncServer.lnk - c:\windows\Installer\{A4DAC821-C790-45AC-841A-9D9E3FA7AFAC}\_EC789A19C6C439974EEDE9.exe [2011-3-31 4142]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^camtool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\camtool.lnk
backup=c:\windows\pss\camtool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 09:51 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 10:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-09-03 14:07 1576176 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2007-11-28 19:51 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl03e27013;MpKsl03e27013;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A393BF5-6895-4BB5-A728-31401285C161}\MpKsl03e27013.sys [x]
R1 MpKsl063c037e;MpKsl063c037e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF198CD4-5BB3-407C-A6D5-A508D0BC6222}\MpKsl063c037e.sys [x]
R1 MpKsl06528697;MpKsl06528697;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8515415B-C1CF-4418-BB89-8D744AA6B5FB}\MpKsl06528697.sys [x]
R1 MpKsl07b23d89;MpKsl07b23d89;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A3B4ADB-6287-484B-842F-AE6BD6945B8F}\MpKsl07b23d89.sys [x]
R1 MpKsl091327a3;MpKsl091327a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C82EAD5-12A9-4F4C-A3D5-20E6EB41D481}\MpKsl091327a3.sys [x]
R1 MpKsl09507059;MpKsl09507059;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEA1523E-C8D3-4A2A-ACF4-6A02A75AA5B0}\MpKsl09507059.sys [x]
R1 MpKsl099ada60;MpKsl099ada60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C16DA959-2552-4E8B-89C9-E2DCD5746D4C}\MpKsl099ada60.sys [x]
R1 MpKsl0c728011;MpKsl0c728011;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2596891-9D31-4EA2-A290-944ABECE0883}\MpKsl0c728011.sys [x]
R1 MpKsl0cb2c2a3;MpKsl0cb2c2a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C82EAD5-12A9-4F4C-A3D5-20E6EB41D481}\MpKsl0cb2c2a3.sys [x]
R1 MpKsl0e7270b4;MpKsl0e7270b4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C48689B-A4E9-4C0A-8C1D-F31DC3F2BC38}\MpKsl0e7270b4.sys [x]
R1 MpKsl107804b4;MpKsl107804b4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A486441-FE1C-4F0C-8E98-1B087BE304D5}\MpKsl107804b4.sys [x]
R1 MpKsl14abc5f8;MpKsl14abc5f8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814112B4-AD29-4FF1-8BC5-5ED53AABC81E}\MpKsl14abc5f8.sys [x]
R1 MpKsl17cf13b0;MpKsl17cf13b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A68B37F6-D9B7-47C1-8DEC-20B6E5E3A597}\MpKsl17cf13b0.sys [x]
R1 MpKsl18a9e2df;MpKsl18a9e2df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{680715CA-4919-4354-B3DD-EA2CAD5885E4}\MpKsl18a9e2df.sys [x]
R1 MpKsl1bdc8397;MpKsl1bdc8397;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE7DEAF5-3D4E-4649-AEFC-A22A67FE0A33}\MpKsl1bdc8397.sys [x]
R1 MpKsl1d79ab22;MpKsl1d79ab22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02888C56-C25A-402A-95C2-A7DA2AC722CC}\MpKsl1d79ab22.sys [x]
R1 MpKsl1ed16b1f;MpKsl1ed16b1f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A393BF5-6895-4BB5-A728-31401285C161}\MpKsl1ed16b1f.sys [x]
R1 MpKsl1fba4434;MpKsl1fba4434;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FE6CB6C-7788-4221-89FE-8308850FE93A}\MpKsl1fba4434.sys [x]
R1 MpKsl21ae8ea3;MpKsl21ae8ea3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F83FC22-F523-493C-8972-E40789A6B547}\MpKsl21ae8ea3.sys [x]
R1 MpKsl24d82522;MpKsl24d82522;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A393BF5-6895-4BB5-A728-31401285C161}\MpKsl24d82522.sys [x]
R1 MpKsl24ddcd6e;MpKsl24ddcd6e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9FCA43B-12B6-4CCC-9B8C-9E2C9C9AFA7B}\MpKsl24ddcd6e.sys [x]
R1 MpKsl2824c39d;MpKsl2824c39d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C16DA959-2552-4E8B-89C9-E2DCD5746D4C}\MpKsl2824c39d.sys [x]
R1 MpKsl29b43ef8;MpKsl29b43ef8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A5D2B2B-9721-4CEB-B039-A631E24D5F3E}\MpKsl29b43ef8.sys [x]
R1 MpKsl2a1101b0;MpKsl2a1101b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8B8C7A2-44CE-4108-A348-FEBAF55CA752}\MpKsl2a1101b0.sys [x]
R1 MpKsl2beb1fe3;MpKsl2beb1fe3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A68B37F6-D9B7-47C1-8DEC-20B6E5E3A597}\MpKsl2beb1fe3.sys [x]
R1 MpKsl2c4f11fe;MpKsl2c4f11fe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EF0AE88-2A13-40CC-A38B-4F37BB9CAF9B}\MpKsl2c4f11fe.sys [x]
R1 MpKsl2db446e0;MpKsl2db446e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814112B4-AD29-4FF1-8BC5-5ED53AABC81E}\MpKsl2db446e0.sys [x]
R1 MpKsl2ec83d55;MpKsl2ec83d55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0505502B-9025-4D4D-A6A1-4A66EC7FCF8C}\MpKsl2ec83d55.sys [x]
R1 MpKsl2f40dd33;MpKsl2f40dd33;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696AA8EF-7FD3-4D41-9A9D-DE40CE4E8BFB}\MpKsl2f40dd33.sys [x]
R1 MpKsl305b4f6d;MpKsl305b4f6d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE7DEAF5-3D4E-4649-AEFC-A22A67FE0A33}\MpKsl305b4f6d.sys [x]
R1 MpKsl31e17efa;MpKsl31e17efa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB4EBA-B84F-4093-AE8A-6C18FAC1842A}\MpKsl31e17efa.sys [x]
R1 MpKsl3508c635;MpKsl3508c635;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4ECDF39-7A91-4040-9858-52B7CD2B70B7}\MpKsl3508c635.sys [x]
R1 MpKsl3884238e;MpKsl3884238e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02888C56-C25A-402A-95C2-A7DA2AC722CC}\MpKsl3884238e.sys [x]
R1 MpKsl38cceace;MpKsl38cceace;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB4EBA-B84F-4093-AE8A-6C18FAC1842A}\MpKsl38cceace.sys [x]
R1 MpKsl39353bbe;MpKsl39353bbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA9A358F-850B-4653-963D-01E4311C5419}\MpKsl39353bbe.sys [x]
R1 MpKsl3c31ed7c;MpKsl3c31ed7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsl3c31ed7c.sys [x]
R1 MpKsl3cb23c11;MpKsl3cb23c11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A393BF5-6895-4BB5-A728-31401285C161}\MpKsl3cb23c11.sys [x]
R1 MpKsl3cde6aff;MpKsl3cde6aff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94439C4F-A75A-4A6B-BCAA-B001399B729C}\MpKsl3cde6aff.sys [x]
R1 MpKsl41387736;MpKsl41387736;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F83FC22-F523-493C-8972-E40789A6B547}\MpKsl41387736.sys [x]
R1 MpKsl41a583de;MpKsl41a583de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44A378DB-169A-47B7-8D0C-EDF7B154A9D1}\MpKsl41a583de.sys [x]
R1 MpKsl428da48f;MpKsl428da48f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C99D516-DA72-4167-86B4-6C76BDA76584}\MpKsl428da48f.sys [x]
R1 MpKsl44a1ff73;MpKsl44a1ff73;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB4EBA-B84F-4093-AE8A-6C18FAC1842A}\MpKsl44a1ff73.sys [x]
R1 MpKsl44abafdc;MpKsl44abafdc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5BB4EBA-B84F-4093-AE8A-6C18FAC1842A}\MpKsl44abafdc.sys [x]
R1 MpKsl457082d6;MpKsl457082d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5251A21D-2308-4C7E-8E2E-F781504679CA}\MpKsl457082d6.sys [x]
R1 MpKsl46b232a1;MpKsl46b232a1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C16DA959-2552-4E8B-89C9-E2DCD5746D4C}\MpKsl46b232a1.sys [x]
R1 MpKsl46bbcc83;MpKsl46bbcc83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814A7503-E9D0-46CE-AFBA-CA5BA109E17A}\MpKsl46bbcc83.sys [x]
R1 MpKsl4996375b;MpKsl4996375b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{874E0564-198B-4487-B8AF-0DF546285FEF}\MpKsl4996375b.sys [x]
R1 MpKsl4a41908b;MpKsl4a41908b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FE6CB6C-7788-4221-89FE-8308850FE93A}\MpKsl4a41908b.sys [x]
R1 MpKsl4adeb986;MpKsl4adeb986;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696AA8EF-7FD3-4D41-9A9D-DE40CE4E8BFB}\MpKsl4adeb986.sys [x]
R1 MpKsl4b70d7d3;MpKsl4b70d7d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0A3BDCA-550E-48E8-9532-57D9D5D598B0}\MpKsl4b70d7d3.sys [x]
R1 MpKsl4dfa7bc2;MpKsl4dfa7bc2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF198CD4-5BB3-407C-A6D5-A508D0BC6222}\MpKsl4dfa7bc2.sys [x]
R1 MpKsl4e9185e3;MpKsl4e9185e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE0210-2AD8-4F23-84C6-173F28ED1693}\MpKsl4e9185e3.sys [x]
R1 MpKsl50d36d89;MpKsl50d36d89;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{313C8ACC-6132-4D11-B07A-3F5AF37DF9CC}\MpKsl50d36d89.sys [x]
R1 MpKsl515294d6;MpKsl515294d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{814A7503-E9D0-46CE-AFBA-CA5BA109E17A}\MpKsl515294d6.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1cad5df84f9ff00;Google Update Service (gupdate1cad5df84f9ff00);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071116.001\IDSvix86.sys [2007-11-06 180272]
S1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\Drivers\mchInjDrv.sys [2011-07-01 2560]
S1 MpKsl8789ea5f;MpKsl8789ea5f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA2C442D-BAA7-403C-899B-9C1D3247BE55}\MpKsl8789ea5f.sys [x]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-06 390528]
S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-13 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2010-12-15 120248]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-09-15 112688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 23:18]
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 23:18]
.
2011-06-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Arthu Dyer.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
2011-07-02 c:\windows\Tasks\User_Feed_Synchronization-{4DE728DB-395E-4AC0-89C9-30018154D3CE}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
2011-07-02 c:\windows\Tasks\User_Feed_Synchronization-{746C59EE-C03C-4203-B07B-062D8F08BFEF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?FORM=M00UUK&Publ=BING&Crea=BAWL_SS1HP_1X1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-02 23:33
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-03 00:14:34
ComboFix-quarantined-files.txt 2011-07-02 23:14
ComboFix2.txt 2011-07-02 00:15
.
Pre-Run: 2,358,968,320 bytes free
Post-Run: 2,524,655,616 bytes free
.
- - End Of File - - ED26F151EF9662FFA0AC774BA498BCCF

#14 m0le

  • Malware Response Team

Posted 03 July 2011 - 05:55 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\users\Arthu Dyer\AppData\Local
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
m0le is a proud member of UNITE

#15 puptitch

  • Topic Starter

Posted 03 July 2011 - 02:37 PM

here you are

SystemLook 04.09.10 by jpshortstuff
Log created at 20:36 on 03/07/2011 by Arthu Dyer
Administrator - Elevation successful

========== dir ==========

c:\users\Arthu Dyer\AppData\Local - Parameters: "(none)"

---Files---
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini --a--c- 4608 bytes [00:23 08/06/2011] [17:25 20/06/2011]
GDIPFONTCACHEV1.DAT --a--c- 74352 bytes [20:39 05/06/2011] [20:39 05/06/2011]
IconCache.db --ah-c- 2072113 bytes [03:21 13/11/2008] [21:27 18/06/2011]

---Folders---
Adobe d----c- [11:48 23/08/2007]
Apple d----c- [23:04 03/09/2007]
Apple Computer d----c- [01:28 22/09/2007]
Application Data d--hs-- [11:45 23/08/2007]
Downloaded Installations d----c- [17:35 07/05/2009]
Google d----c- [13:29 23/08/2007]
History d--hs-- [11:45 23/08/2007]
Microsoft d----c- [11:45 23/08/2007]
Microsoft Games d----c- [12:19 23/08/2007]
Microsoft Help d----c- [12:00 23/08/2007]
Temp d----c- [11:45 23/08/2007]
Temporary Internet Files d--hs-- [11:45 23/08/2007]
Tific d----c- [21:19 07/06/2011]
Toshiba d----c- [11:48 23/08/2007]
VirtualStore d----c- [22:08 05/06/2011]
Windows Live d----c- [22:35 20/10/2010]
{095A699F-D510-40A1-B1A7-DE0A5892EF5D} d----c- [16:31 20/06/2011]
{11FDC8ED-160F-42DB-B6FC-AB82CB2CF247} d----c- [10:18 24/06/2011]
{233D9C26-525F-44C1-B0BA-45F0D6B8591A} d----c- [00:52 17/06/2011]
{2A7A6530-A9C2-4022-8D90-A6362049099F} d----c- [22:34 21/06/2011]
{2BFFA91E-A287-4CF0-8034-83AEEA2B1579} d----c- [22:19 24/06/2011]
{3F6AC618-0C96-4529-B5F2-1B23C4130291} d----c- [17:36 01/07/2011]
{4A317B6C-15E5-4C03-8526-03BDE187DDBC} d----c- [21:14 25/06/2011]
{59835181-4CE7-45E7-B039-3166EE934393} d----c- [21:28 15/06/2011]
{59AE14D7-5AAE-4F6A-9354-0AE322D7C14C} d----c- [20:37 14/06/2011]
{59F2207E-7872-4D84-A8B4-87F3BAA98472} d----c- [10:02 29/06/2011]
{5AB7EAD0-3AA3-47D6-A154-DF77B3D391BF} d----c- [19:52 13/06/2011]
{5F8243F3-53CB-4F61-997E-B9F6F4B0BCED} d----c- [22:12 22/06/2011]
{5FFAA2C9-D699-42F9-8B63-CEFD337A978F} d----c- [15:26 08/06/2011]
{6CB05047-FB4D-47BB-A14A-E96100443178} d----c- [20:04 09/06/2011]
{8AF12DED-D6F1-4944-B410-FA278BC465BA} d----c- [23:13 07/06/2011]
{8E438AE0-AF6C-4CD8-80A7-7EDA9EEA0399} d----c- [21:00 19/06/2011]
{93552F2F-DBD7-4AA9-9EF6-6ECE612855A0} d----c- [08:37 14/06/2011]
{9C722DB9-B638-48BF-A742-14F1D0AAF14A} d----c- [22:03 29/06/2011]
{A48AE574-BED4-43B7-8CCF-41FF49390355} d----c- [20:08 30/06/2011]
{A7742DEC-93A2-4610-AC21-8CEC2E88FC23} d----c- [21:50 06/06/2011]
{B87C1030-39EC-4C28-B4F8-A4F4EDE95DB8} d----c- [18:43 26/06/2011]
{BD0C291E-E399-496B-B482-3B7A9C386DB5} d----c- [22:53 10/06/2011]
{C026B33D-F4FA-4C67-9D3C-B2841F14A2D8} d----c- [18:44 27/06/2011]
{C784C3EA-AED8-46E1-87B0-FCFA08494F37} d----c- [22:01 28/06/2011]
{CA5A511F-9D2D-4FDA-80EA-94360300AE50} d----c- [22:18 23/06/2011]
{CEE705EF-4F4E-4997-9C9C-530BEEDA4AEF} d----c- [18:18 11/06/2011]
{DD400900-C588-472C-A2D6-AE762076EF5E} d----c- [06:44 27/06/2011]
{E2E051D0-B549-4830-B83C-C651053A0E5E} d----c- [19:59 18/06/2011]
{F9381C5A-DD94-4F14-A64C-75E883F2E454} d----c- [21:52 12/06/2011]

-= EOF =-



