
google redirecting, among other things


18 replies to this topic

#1 bakayurei

Posted 07 July 2011 - 09:42 PM

hi, i've looked around the site for a while these last few days but found nothing that quite matches my problem. here are my computer's symptoms:

- blue screen whenever it feels like it
- sometimes, clicking a link on google will take me somewhere i didn't ask for
- sometimes a new tab will open by itself in firefox and start loading a site, then abandon that and start loading another, and then it'll load another, and so on
- every time i try to go to the windows update site or do it from windows updater, nothing happens, i.e. firefox tells me it couldn't find the page, and updater stands around preparing to download all day, and my computer can never seem to tell that there's something wrong

since tuesday i've had several viruses and i've managed to locate and kill most of them, but there's obviously still something wrong.. and i don't know what this is, but it looks like tdss's baby brother or something.. it's basically similar, from what i've read, except i can see this site, unless i try to come here from google, and google doesn't redirect all the time.. also none of my AVs can find anything (hijack this, avg, spybot s&d)


any and all help would be appreciated.. or at least just some sympathetic noises or something



#2 Broni

Posted 07 July 2011 - 09:48 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Check the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to un-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.



 


#3 bakayurei (Topic Starter)

Posted 08 July 2011 - 02:49 PM

hi, thanks for your prompt response.. here is the information you asked for:

security check checkup.txt

Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
Spybot - Search & Destroy
Java™ 6 Update 22
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10.0.22.87
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Empowering Technology eSettings Service capuserv.exe
Windows Defender MSASCui.exe
``````````End of Log````````````


================================================================================================


minitoolbox results:

MiniToolBox by Farbar
Ran by Amar (administrator) on 08-07-2011 at 16:05:45
Windows Vista ™ Home Premium (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: saleem00:80

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set interface luid=loopback_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_1 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_2 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_4 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=wireless_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Amar-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-18-DE-E1-20-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ecb7:c05f:136e:1553%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 July 2011 15:42:37
Lease Expires . . . . . . . . . . : 09 July 2011 15:49:34
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 151001310
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-16-D4-B2-27-48
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1015:3014:3f57:fefd%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5D1523E7-81FF-47A9-8327-9B2C52BF87BD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.2%17(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1:53

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Pinging google.com [209.85.147.147] with 32 bytes of data:
Reply from 209.85.147.147: bytes=32 time=36ms TTL=51
Reply from 209.85.147.147: bytes=32 time=36ms TTL=51
Ping statistics for 209.85.147.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 36ms, Average = 36ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1:53

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=178ms TTL=43
Reply from 209.191.122.70: bytes=32 time=173ms TTL=43
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 173ms, Maximum = 178ms, Average = 175ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9 ...00 18 de e1 20 37 ...... Intel® PRO/Wireless 3945ABG Network Connection
8 ...00 16 d4 b2 27 48 ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
10 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
17 ...00 00 00 00 00 00 00 e0 isatap.{5D1523E7-81FF-47A9-8327-9B2C52BF87BD}
16 ...00 00 00 00 00 00 00 e0 isatap.home
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 281 fe80::/64 On-link
11 286 fe80::/64 On-link
17 286 fe80::5efe:192.168.1.2/128 On-link
11 286 fe80::1015:3014:3f57:fefd/128 On-link
9 281 fe80::ecb7:c05f:136e:1553/128 On-link
1 306 ff00::/8 On-link
11 286 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2011 03:40:01 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6000.16386, time stamp 0x4549adc4, faulting module Flash9d.ocx, version 9.0.47.0, time stamp 0x466daac0, exception code 0xc0000005, fault offset 0x00189f1b,
process id 0x444, application start time 0xsvchost.exe0.

Error: (07/08/2011 04:10:05 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.3828, time stamp 0x4c25a474, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x00042e7b,
process id 0xd30, application start time 0xplugin-container.exe0.

Error: (07/07/2011 10:50:25 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6000.16386, time stamp 0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc000071b, fault offset 0x0008ac88,
process id 0x414, application start time 0xsvchost.exe0.

Error: (07/07/2011 10:20:19 PM) (Source: Automatic LiveUpdate Scheduler) (User: SYSTEM)SYSTEM
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Error: (07/07/2011 09:04:42 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp 0x4907deda, faulting module MSONSEXT.DLL, version 11.0.5510.0, time stamp 0x3f0e5c3f, exception code 0xc0000005, fault offset 0x000534d5,
process id 0x344, application start time 0xExplorer.EXE0.

Error: (07/07/2011 07:32:19 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6000.16386, time stamp 0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc000071b, fault offset 0x0008ac88,
process id 0x450, application start time 0xsvchost.exe0.

Error: (07/07/2011 06:47:54 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp 0x4907deda, faulting module acusutiyayiyohu.dll, version 1.1.0.3, time stamp 0x4831089d, exception code 0xc0000005, fault offset 0x0001324f,
process id 0xe1c, application start time 0xExplorer.EXE0.

Error: (07/06/2011 11:10:16 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp 0x4907deda, faulting module acusutiyayiyohu.dll, version 1.1.0.3, time stamp 0x4831089d, exception code 0xc0000005, fault offset 0x0001324f,
process id 0x890, application start time 0xExplorer.EXE0.

Error: (07/06/2011 10:55:16 PM) (Source: Automatic LiveUpdate Scheduler) (User: SYSTEM)SYSTEM
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Error: (07/06/2011 10:54:39 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp 0x4907deda, faulting module acusutiyayiyohu.dll, version 1.1.0.3, time stamp 0x4831089d, exception code 0xc0000005, fault offset 0x0001324f,
process id 0x1734, application start time 0xExplorer.EXE0.


System errors:
=============
Error: (07/08/2011 03:59:08 PM) (Source: DCOM) (User: )
Description: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error: (07/08/2011 03:50:21 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/08/2011 03:50:03 PM) (Source: Service Control Manager) (User: )
Description: KtmRm for Distributed Transaction Coordinator

Error: (07/08/2011 03:42:56 PM) (Source: Service Control Manager) (User: )
Description: 30000AMService

Error: (07/08/2011 03:41:59 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 15:40:03 on 08/07/2011 was unexpected.

Error: (07/08/2011 03:36:17 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DEE12037. The following error occurred:
%%258. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Error: (07/08/2011 01:51:41 PM) (Source: Service Control Manager) (User: )
Description: 30000Symantec Core LC

Error: (07/08/2011 01:51:08 PM) (Source: Service Control Manager) (User: )
Description: 30000Dnscache

Error: (07/08/2011 01:50:51 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0018DEE12037 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/08/2011 01:49:08 PM) (Source: Service Control Manager) (User: )
Description: 30000PlugPlay


Microsoft Office Sessions:
=========================
Error: (07/08/2011 03:40:01 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6000.163864549adc4Flash9d.ocx9.0.47.0466daac0c000000500189f1b44401cc3d0eccb40005

Error: (07/08/2011 04:10:05 AM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.38284c25a474ntdll.dll6.0.6000.163864549bdc9c000000500042e7bd3001cc3d0fb1080149

Error: (07/07/2011 10:50:25 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6000.163864549adc4ntdll.dll6.0.6000.163864549bdc9c000071b0008ac8841401cc3ceceaca728a

Error: (07/07/2011 10:20:19 PM) (Source: Automatic LiveUpdate Scheduler)(User: SYSTEM)SYSTEM
Description: errorInitialization of the COM subsystem failed. Error code: 0x8007041D

Error: (07/07/2011 09:04:42 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.167714907dedaMSONSEXT.DLL11.0.5510.03f0e5c3fc0000005000534d534401cc3ce07d6d52a9

Error: (07/07/2011 07:32:19 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6000.163864549adc4ntdll.dll6.0.6000.163864549bdc9c000071b0008ac8845001cc3cd1824fb45e

Error: (07/07/2011 06:47:54 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.167714907dedaacusutiyayiyohu.dll1.1.0.34831089dc00000050001324fe1c01cc3ccd8202caaf

Error: (07/06/2011 11:10:16 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.167714907dedaacusutiyayiyohu.dll1.1.0.34831089dc00000050001324f89001cc3c292cb74c98

Error: (07/06/2011 10:55:16 PM) (Source: Automatic LiveUpdate Scheduler)(User: SYSTEM)SYSTEM
Description: errorInitialization of the COM subsystem failed. Error code: 0x8007041D

Error: (07/06/2011 10:54:39 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6000.167714907dedaacusutiyayiyohu.dll1.1.0.34831089dc00000050001324f173401cc3c2723faea01


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 83%
Total physical RAM: 1013.5 MB
Available physical RAM: 163.47 MB
Total Pagefile: 2272.11 MB
Available Pagefile: 383.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1981.49 MB

======================= Partitions: =======================================

1 Drive c: (ACER) (Fixed) (Total:70.77 GB) (Free:12.33 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:70.47 GB) (Free:20.32 GB) NTFS

================= Users: ==================================================

User accounts for \\AMAR-PC

-------------------------------------------------------------------------------
Administrator Amar Guest
The command completed successfully.

================= End of Users ============================================


================================================================================================


malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7049

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16764

08/07/2011 18:45:17
mbam-log-2011-07-08 (18-45-17).txt

Scan type: Quick scan
Objects scanned: 186281
Time elapsed: 15 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 172

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pezfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autogent (Trojan.Agent.U) -> Value: autogent -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Amar\AppData\Roaming\microsoft\Windows\start menu\Programs\Win HDD (Rogue.WinHDD) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\bndrtrsltpjblqs.dll (Rogue.HDDDoctor) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\9D50.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\A647.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\err.log383747826 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\setup1728057856.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tmp99FD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\0.7415283040738557.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\2DBF.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\2E0F.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\3564.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\43EF.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\4EA4.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\4F65.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\5DB9.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\6C08.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\6C56.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\6F28.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\7390.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\76E5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\79CD.exe (PUP.MailPassView) -> Not selected for removal.
c:\Users\Amar\AppData\Local\Temp\tempbckup\7C5D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\80AF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\81B8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\838F.exe (PUP.MailPassView) -> Not selected for removal.
c:\Users\Amar\AppData\Local\Temp\tempbckup\87C0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\8C3F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\905D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\9AFC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\9EF9.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\A387.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\A7F0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\AFE9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\B51B.exe (PUP.PSW.Passview) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\B9AD.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\BBDD.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\BBF0.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\BF2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\C49E.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\C4B3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\C808.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\C95D.exe (PUP.MailPassView) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\CD71.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\DA1C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\E211.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\E991.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\F2ED.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\F4DD.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\F9E0.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\gpuplace.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\incosnet.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\jynaeo.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\maccsnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\motuyk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\nemosacxwr.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\O1o931i9.exe (Trojan.Alureon.Gen) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\orasnemwxc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\rocasenwxm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\smnwroacex.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\spool.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\sxcowrnmea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\sxowecmran.exe (Virus.Virut) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp08ce14b7.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp0e507693.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp0e594743.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp118afa54.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp1a4f8076.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp1b04d646.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp1d99b7f9.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp20013a95.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp2144ffa1.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp2474907d.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp28f0702e.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp2e9834d6.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp302f1c42.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp30d84824.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp32f283e2.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp33414cbd.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp33cfd184.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp3855db64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp3a2f673c.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp3f301fd4.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp3f6bf802.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp40065681.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp45eeb18a.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp47548654.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp4aab256a.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp5383f7bf.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp5f2dcb82.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp6020042f.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp63b01533.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp665d1387.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp692785c1.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp69cb6725.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp7231e9f5.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp79ef37d8.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp83f4f116.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp86128614.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp8723a90c.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp8dcfe6f0.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp8ebbe4ff.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp90204f99.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp9021f8b8.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp9179effb.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp924d6a64.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp937faa38.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp95d653ad.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp961bdfd6.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp9d617865.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpa05e87b7.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpa1c8a30e.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpa670bd2a.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpa7aed5a7.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpab5d2128.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpac7e6d7a.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpb0ad12ea.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpb0cc0ceb.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpb24ead9a.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpb6af28bb.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpb75ca88f.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpb761db6c.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpb7f917cb.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpbe06d8b0.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpc0652a3a.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpc954ee00.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpcca3db8f.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpccbdc286.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpceb935a9.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpd717b240.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpd7d6fd14.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpdf01b437.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpdf0de387.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpe2ba0344.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpe75e1940.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpe91fd903.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpea295cec.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpea6a7ab8.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpec8be633.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpee4993ae.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpef37a3f7.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpef9bef63.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpf606a274.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpfe45b231.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpfee1a061.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\~TM24DD.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\~TM273F.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp12a29591\wincp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp3a816599\rt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp46c555a2\system.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmp87559394\cmd.exe (Spyware.Wemon) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\tmpa3ec2c31\microsoft.net.2.1.65.81.exe (Spyware.Wemon) -> Quarantined and deleted successfully.
c:\Windows\Temp\set235A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\wpv201268687893.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Windows\Temp\wpv411267094727.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\wpv751268439345.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\wpv871267782030.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Windows\Temp\_ex-08.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Amar\local settings\pw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Amar\local settings\application data\pw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Amar\local settings\temporary internet files\Content.IE5\3DM0IXMN\avxwgoisbmcsyr[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\local settings\temporary internet files\Content.IE5\NK2R1KZ1\utrsid70[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Roaming\microsoft\Windows\start menu\Programs\Win HDD\Win HDD.lnk (Rogue.WinHDD) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Roaming\microsoft\Windows\start menu\Programs\Win HDD\uninstall win hdd.lnk (Rogue.WinHDD) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Roaming\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Temp\wpv091267815694.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\wpv161266066426.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
c:\Users\Amar\local settings\application data\av.exe (Rogue.Win7Antispyware2010) -> Quarantined and deleted successfully.
c:\Users\Amar\local settings\application data\windows server\rcsgxi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amar\templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Fonts\ODnNhnLx.com (Malware.Generic) -> Quarantined and deleted successfully.
c:\Users\Amar\local settings\application data\opRSK (Malware.Trace) -> Quarantined and deleted successfully.


================================================================================================


I'll run GMER now. Oh yeah, and here are some symptoms I forgot to mention earlier: there are 'blank windows' opening then closing at startup, and there's a week's worth of tasks in my Task Scheduler set to run every hour, which put themselves back when they're deleted and which I think are there to put the malware back if I've managed to get rid of it.
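
A triage helper for the kind of Malwarebytes log posted above, added here as an example and not part of the original thread or of Malwarebytes' own tooling. It parses the "path (Family) -> Action" lines, counts detections per family, lists anything that was not actually quarantined (the PUP.MailPassView items above were "Not selected for removal", so they are still on disk), flags families that imply kernel-level compromise (the Rootkit.* and Alureon names are taken from the log; the list itself is an assumption), and reports the directory holding most of the hits, since a single staging folder like tempbckup is itself a clue. The sample lines are constructed from the log format shown above.

```python
"""Triage a Malwarebytes-style 'Files Infected' log (constructed sample below)."""
import re
from collections import Counter

# Matches lines of the form:
#   c:\path\file.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Family-name prefixes that mean user-mode cleaning alone is not enough.
# Assumption: chosen from the names visible in the log; extend as needed.
KERNEL_LEVEL = ("Rootkit.", "Trojan.Alureon")

# Constructed sample modelled on the log above (not copied from a real scan).
SAMPLE = r"""
Files Infected: 5
c:\Users\Amar\AppData\Local\Temp\tempbckup\7C5D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\79CD.exe (PUP.MailPassView) -> Not selected for removal.
c:\Users\Amar\AppData\Local\Temp\tempbckup\incosnet.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Amar\AppData\Local\Temp\tempbckup\O1o931i9.exe (Trojan.Alureon.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\_ex-08.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
"""


def parse_log(text):
    """Return (path, family, action) tuples; lines that are not detections are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["family"], m["action"]))
    return hits


def triage(hits):
    """Summarise detections the way a responder reads a scan log."""
    by_family = Counter(family for _, family, _ in hits)
    # Anything not quarantined is still present on disk.
    not_removed = [p for p, _, action in hits if not action.lower().startswith("quarantined")]
    kernel_level = [(p, f) for p, f, _ in hits if f.startswith(KERNEL_LEVEL)]
    # Directory that holds the bulk of the hits (case-folded, since NTFS paths are case-insensitive).
    dirs = Counter(p.rsplit("\\", 1)[0].lower() for p, _, _ in hits)
    return {
        "total": len(hits),
        "by_family": by_family,
        "not_removed": not_removed,
        "kernel_level": kernel_level,
        "top_dir": dirs.most_common(1)[0] if dirs else None,
    }


def summarize_sample():
    """Run the triage over the constructed sample."""
    return triage(parse_log(SAMPLE))


if __name__ == "__main__":
    result = summarize_sample()
    print(f"{result['total']} detections; top folder: {result['top_dir']}")
    for family, n in result["by_family"].most_common():
        print(f"  {n:3d}  {family}")
    print("still on disk:", result["not_removed"])
    print("kernel-level indicators:", result["kernel_level"])
```

Feed it the real log with `triage(parse_log(open("mbam-log.txt").read()))`. Any entry in `kernel_level` means the user-mode scanner's "deleted successfully" lines are not the end of the story, which is exactly what the GMER scan in the next post goes on to confirm.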

#4 bakayurei

Posted 08 July 2011 - 02:56 PM

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-08 20:37:33
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: x8eflkzt.exe; Driver: C:\Users\Amar\AppData\Local\Temp\kgldrpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x828F1CDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x828F1ECE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x828F1982]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x828F20D6]

---- Kernel code sections - GMER 1.0.15 ----

PAGE CI.dll!CiInitialize + 3340 807EDBAA 1 Byte [C4]
PAGE CI.dll!CiInitialize + 3340 807EDBAA 3 Bytes [C4, 00, 00]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[780] ntdll.dll!NtProtectVirtualMemory 770BFD74 5 Bytes JMP 0029000A
.text C:\Windows\system32\svchost.exe[780] ntdll.dll!NtWriteVirtualMemory 770C06F4 5 Bytes JMP 002E000A
.text C:\Windows\system32\svchost.exe[780] ntdll.dll!KiUserExceptionDispatcher 770C0E88 5 Bytes JMP 0028000A
.text C:\Windows\Explorer.EXE[1140] ntdll.dll!NtProtectVirtualMemory 770BFD74 5 Bytes JMP 00B7000A
.text C:\Windows\Explorer.EXE[1140] ntdll.dll!NtWriteVirtualMemory 770C06F4 5 Bytes JMP 00CD000A
.text C:\Windows\Explorer.EXE[1140] ntdll.dll!KiUserExceptionDispatcher 770C0E88 5 Bytes JMP 00B6000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D2FD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CFBBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CEA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CECBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CE8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CFD168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CE7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CE7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CE6A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D7C1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73D080FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CE90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CF223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CF2267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CF771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CF753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73D28585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
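
GMER's verdict above ("TDL4@MBR code has been found") is about sector 0 of the disk, so the check a practitioner wants is an independent look at the MBR itself. The following is an added example, not part of the thread and not GMER's or TDSSKiller's code: it parses a 512-byte MBR (boot signature, disk signature, partition table), hashes the 440 bytes of bootstrap code against a baseline taken from a known-clean image, and measures the unallocated tail of the disk, because TDL4 kept its hidden file system in unpartitioned sectors past the last partition. The baseline boot code, the partition layout and the 2048-sector slack threshold are constructed for the example, not real Windows boot code or real TDL4 bytes.

```python
"""Parse a 512-byte MBR and flag what an MBR bootkit such as TDL4 changes (constructed sample)."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440   # bytes 0..439 boot code, 440..443 disk signature, 446..509 partition table


def parse_mbr(mbr: bytes) -> dict:
    """Decode the fixed MBR layout; raises on a malformed sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, 446 + 16 * i)
        if ptype != 0:          # type 0 = empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap_sha256": hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_bootstrap_sha256: str, disk_sectors: int,
              slack_threshold: int = 2048):
    """Return (parsed info, list of findings). slack_threshold is an assumed heuristic."""
    info = parse_mbr(mbr)
    findings = []
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline (MBR code replaced?)")
    if info["partitions"]:
        last_end = max(p["lba_start"] + p["sectors"] for p in info["partitions"])
        slack = disk_sectors - last_end
        if slack > slack_threshold:
            findings.append(f"{slack} unallocated sectors after last partition (hidden storage candidate)")
    return info, findings


def build_mbr(bootstrap: bytes, entries) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) entries."""
    assert len(bootstrap) == BOOTSTRAP_LEN
    table = b"".join(struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                                 lba_start, sectors) for status, ptype, lba_start, sectors in entries)
    return bootstrap + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00" + table.ljust(64, b"\x00") + b"\x55\xaa"


# Constructed stand-ins: this is NOT Windows boot code and NOT TDL4 code.
CLEAN_BOOT = bytes.fromhex("33c08ed0bc007c") + b"\x90" * (BOOTSTRAP_LEN - 7)
TAMPERED_BOOT = b"\xeb\x3c" + CLEAN_BOOT[2:]          # first instruction patched to a short jump
PARTS = [(0x80, 0x07, 2048, 100_000)]                 # one bootable NTFS partition
BASELINE = hashlib.sha256(CLEAN_BOOT).hexdigest()     # captured once from a known-clean image


def demo():
    """Clean disk: partition reaches the end. Infected disk: patched code plus a 4096-sector tail."""
    clean = build_mbr(CLEAN_BOOT, PARTS)
    infected = build_mbr(TAMPERED_BOOT, PARTS)
    return (check_mbr(clean, BASELINE, 2048 + 100_000)[1],
            check_mbr(infected, BASELINE, 2048 + 100_000 + 4096)[1])


if __name__ == "__main__":
    # On a live Windows system (elevated): open(r"\\.\PhysicalDrive0", "rb").read(512)
    clean_findings, infected_findings = demo()
    print("clean:", clean_findings or "no findings")
    print("infected:", *infected_findings, sep="\n  ")
```

One caveat that matters for this thread: a running TDL4 filters disk reads and hands back the original sector 0, so a check like this only means something when the sector is read from outside the infected OS (a boot CD, or the drive mounted on a clean machine). GMER reaches below the filtered path, which is why it could report the MBR code while the user-mode scanners saw nothing.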

#5 Broni

Posted 08 July 2011 - 03:00 PM

It looks like you're still seriously infected.
Your computer is also lacking some security like service packs, but.....one thing at a time.

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click [image]

#6 bakayurei

Posted 08 July 2011 - 04:02 PM

I'll try that, but I'm not sure this is TDSS. It does some of the same things I've seen it described as doing, but it's also different (e.g. I can see this site, which I don't think I'm supposed to). But I'll see if it helps and I'll let you know whether it managed to do the trick or not.

Haha, it was TDSS after all, and this managed to find it. Thanks a lot, and I should have done that from the beginning. I'll reboot normally now and see if anything's changed. Fingers crossed, and if so you'll definitely be rewarded for what you've done for me.

Edited by bakayurei, 08 July 2011 - 04:08 PM.


#7 Broni

Posted 08 July 2011 - 04:11 PM

Please, always follow my instructions carefully.

I need to see TDSSKiller log and....we're not done.
You have all kind of stuff there.

#8 bakayurei

Posted 08 July 2011 - 04:30 PM

Yeah, of course, you and the people on this site obviously know more about this stuff than I do. Okay, here's the TDSSKiller log:

2011/07/08 22:20:44.0432 4700 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/08 22:20:46.0029 4700 ================================================================================
2011/07/08 22:20:46.0029 4700 SystemInfo:
2011/07/08 22:20:46.0029 4700
2011/07/08 22:20:46.0029 4700 OS Version: 6.0.6000 ServicePack: 0.0
2011/07/08 22:20:46.0029 4700 Product type: Workstation
2011/07/08 22:20:46.0029 4700 ComputerName: AMAR-PC
2011/07/08 22:20:46.0033 4700 UserName: Amar
2011/07/08 22:20:46.0033 4700 Windows directory: C:\Windows
2011/07/08 22:20:46.0033 4700 System windows directory: C:\Windows
2011/07/08 22:20:46.0033 4700 Processor architecture: Intel x86
2011/07/08 22:20:46.0033 4700 Number of processors: 2
2011/07/08 22:20:46.0033 4700 Page size: 0x1000
2011/07/08 22:20:46.0033 4700 Boot type: Normal boot
2011/07/08 22:20:46.0033 4700 ================================================================================
2011/07/08 22:20:55.0628 4700 Initialize success
2011/07/08 22:21:03.0142 4728 ================================================================================
2011/07/08 22:21:03.0142 4728 Scan started
2011/07/08 22:21:03.0142 4728 Mode: Manual;
2011/07/08 22:21:03.0142 4728 ================================================================================
2011/07/08 22:21:07.0038 4728 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
2011/07/08 22:21:07.0718 4728 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/08 22:21:08.0753 4728 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/08 22:21:09.0956 4728 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/08 22:21:10.0866 4728 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/08 22:21:11.0841 4728 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/07/08 22:21:12.0726 4728 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/08 22:21:13.0619 4728 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/08 22:21:14.0530 4728 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/08 22:21:15.0384 4728 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/08 22:21:15.0934 4728 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/07/08 22:21:16.0565 4728 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/08 22:21:17.0153 4728 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/08 22:21:18.0069 4728 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/08 22:21:18.0658 4728 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/08 22:21:19.0281 4728 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/08 22:21:19.0728 4728 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/07/08 22:21:20.0865 4728 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/07/08 22:21:21.0437 4728 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/07/08 22:21:22.0566 4728 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/08 22:21:23.0194 4728 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/08 22:21:23.0784 4728 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/08 22:21:24.0546 4728 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/08 22:21:24.0994 4728 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/08 22:21:25.0584 4728 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/08 22:21:26.0176 4728 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/08 22:21:26.0670 4728 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/08 22:21:27.0264 4728 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/08 22:21:27.0770 4728 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/08 22:24:03.0618 4728 ================================================================================
2011/07/08 22:24:03.0618 4728 Scan finished
2011/07/08 22:24:03.0618 4728 ================================================================================
2011/07/08 22:24:03.0634 6000 Detected object count: 0
2011/07/08 22:24:03.0634 6000 Actual detected object count: 0


====================================================================================================================


and I think I can see the Microsoft Update website (I've never been to it, but it just tells me to go to the updater in my start menu, if that's what it's supposed to look like)... okay, so what do I need to do now?

#9 Broni

  • BC Advisor
  • 42,716 posts
  • Location:Daly City, CA

Posted 08 July 2011 - 04:39 PM

Leave update alone for now.
We need to make sure your computer is clean first.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

=========================================================

Re-run MiniToolbox...

Checkmark following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
Click Go and post the result.

Re-run MiniToolbox again...

Checkmark following boxes:
  • Report IE Proxy Settings
Click Go and post the result.

==================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
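As an added example that is not part of the thread and not MiniToolbox's own code, the PowerShell below does the equivalent of the three MiniToolbox actions Broni asks for: it reports the current user's IE proxy settings (the standard WinINET registry values), flags a configured proxy server or automatic configuration script, and with -Reset clears them and flushes the DNS resolver cache. The script itself and its -Reset switch are assumptions, not a real tool.

```powershell
# Added example, not from the thread or from MiniToolbox.
# Reports the per-user WinINET proxy settings that IE (and by default Firefox
# in "use system proxy" mode) honour, flags anything that would silently route
# browsing through a third party, and optionally resets it and flushes DNS.
# Run from an elevated PowerShell prompt; review the report before using -Reset.
param(
    [switch]$Reset
)

$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

# The same values MiniToolbox's "Report IE Proxy Settings" shows.
$report = [ordered]@{
    ProxyEnable   = $settings.ProxyEnable
    ProxyServer   = $settings.ProxyServer
    ProxyOverride = $settings.ProxyOverride
    AutoConfigURL = $settings.AutoConfigURL
}
Write-Host "=== Report IE Proxy Settings ==="
$report.GetEnumerator() | ForEach-Object { Write-Host ("{0,-14}: {1}" -f $_.Key, $_.Value) }

# A proxy on a home machine that should have none, or a PAC script
# (AutoConfigURL) the user never configured, are classic redirect mechanisms.
$findings = @()
if ($report.ProxyEnable -eq 1 -and $report.ProxyServer) {
    $findings += "Explicit proxy is enabled: $($report.ProxyServer)"
}
if ($report.AutoConfigURL) {
    $findings += "Automatic configuration script is set: $($report.AutoConfigURL)"
}
if ($findings.Count -eq 0) {
    Write-Host "No proxy or PAC script configured for this user."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}

if ($Reset) {
    # Equivalent of "Reset IE Proxy Settings": direct connection, no PAC script.
    Write-Host "=== Reset IE Proxy Settings ==="
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    foreach ($name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    }

    # Equivalent of "Flush DNS": drop cached (possibly poisoned) resolver entries.
    Write-Host "=== Flush DNS ==="
    ipconfig /flushdns | Out-Null
    Write-Host "Proxy settings cleared and resolver cache flushed; restart the browser."
}
```

Save it as, for instance, Check-IEProxy.ps1 and run it once without -Reset to capture the report for the thread, then with -Reset only if a proxy or PAC URL you did not configure shows up.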



#10 bakayurei
  • Topic Starter

  • Members
  • 30 posts

Posted 08 July 2011 - 08:49 PM

done


rootkit unhooker report

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0xB00FE000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x89D86000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8C6E2000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8C76A000 C:\Windows\System32\Drivers\SYMFW.SYS 139264 bytes (Symantec Corporation, Firewall Filter Driver)
0x85A49000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8AC3D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xB018B000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8591C000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xB016D000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA8E01000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAB007000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0xAE5E7000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8AC04000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8942C000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x894AD000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8C621000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x89DA9000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB04AA000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8B80A000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8B61B000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0xA9402000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B607000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x89002000 C:\Windows\system32\DRIVERS\ESM7SK.sys 77824 bytes (ENE Technology Inc., ENE PCI SmartMedia / XD Card Reader Driver)
0x8948F000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8AC68000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071214.002\NAVENG.SYS 77824 bytes (Symantec Corporation, AV Engine)
0x89D73000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA9416000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C7ED000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88C04000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xB0122000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x89015000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 69632 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x85A6A000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0xAFE21000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0x86650000 C:\Windows\system32\DRIVERS\EMS7SK.sys 65536 bytes (ENE Technology Inc., ENE PCI Memory Stick Card Reader Driver)
0x8590C000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x866F0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x859CB000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x866B0000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x8B7F1000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x85AA0000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x85AAF000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x85C90000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x89D57000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x80610000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0xA7C10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x86BCC000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8B6CA000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B6BC000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x859B6000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x89026000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x89CFC000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x89C53000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x89D66000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88C16000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80404000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x89C02000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8BDF5000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x894A2000 C:\Windows\system32\DRIVERS\ESD7SK.sys 45056 bytes (ENE Technology Inc., ENE PCI Secure Digital / MMC Card Reader Driver)
0x8947A000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x89444000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8BDD4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x894FF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8BDDF000 C:\Windows\System32\Drivers\SYMNDISV.SYS 45056 bytes (Symantec Corporation, NDIS Filter Driver)
0x86A00000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8950A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x86AD7000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89034000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80606000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x89485000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0x8B8AA000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x89D23000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8B904000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8AC5E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8B8D2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B922000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x80411000 C:\Windows\System32\Drivers\BlackBox.sys 36864 bytes (RKU Driver)
0x85A40000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x86A60000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8045D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x86A69000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x86A2A000 C:\Windows\System32\Drivers\SYMIDS.SYS 36864 bytes (Symantec Corporation, IDS Filter Driver)
0xA7C00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x86A18000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x86A21000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80658000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x86A96000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x8593A000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80455000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x86B48000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x804C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8061F000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x86B38000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x86B40000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x85ABE000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x88D27000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x88D35000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0x859C4000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x88D20000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x88CDE000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x88CCC000 C:\Windows\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0x88DCC000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8AA73000 C:\PROGRA~1\LAUNCH~1\DPortIO.sys 16384 bytes (Dritek System Inc., General Port I/O)
0xBA820000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x80401000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x86AB0000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x86AB2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8A53E000 C:\Windows\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
0x86AC6000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


=============================================================================


MiniToolBox by Farbar
Ran by Amar (administrator) on 08-07-2011 at 23:03:09
Windows Vista ™ Home Premium (X86)

***************************************************************************


================= Flush DNS: ==============================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

================= End of Flush DNS ========================================

"Reset IE Proxy Settings": Proxy Settings were reset.



==============================================================================

MiniToolBox by Farbar
Ran by Amar (administrator) on 08-07-2011 at 23:06:24
Windows Vista ™ Home Premium (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================


===============================================================================

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2011 at 01:51 AM

Application Version : 4.55.1000

Core Rules Database Version : 7389
Trace Rules Database Version: 5201

Scan type : Complete Scan
Total Scan Time : 02:34:14

Memory items scanned : 298
Memory threats detected : 0
Registry items scanned : 9848
Registry threats detected : 1
File items scanned : 157194
File threats detected : 5

System.BrokenFileAssociation
HKCR\.exe

Trojan.Agent/Gen-FakeDrop
C:\PROGRAM FILES\I-DOSER\UNINSTAL.EXE

Adware.MyWebSearch/FunWebProducts
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSIMG32.DLL
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\RICHED20.DLL

Trojan.Agent/Gen-MailPassView
C:\USERS\AMAR\APPDATA\LOCAL\TEMP\TEMPBCKUP\79CD.EXE

Trojan.Agent/Gen-NET
C:\USERS\AMAR\APPDATA\LOCAL\VIRTUALSTORE\WINDOWS\SYSTEM32\NET.NET

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:57 AM

Posted 08 July 2011 - 09:44 PM

Well done :)

How is computer doing?



#12 bakayurei

bakayurei
  • Topic Starter

  • Members
  • 30 posts
  • Local time:04:57 PM

Posted 09 July 2011 - 09:05 AM

It seems fine. I accidentally fell asleep with it switched on and it's still alive... Yea, thanks a lot for all that, mate... Oh yea, and what do you recommend I use to protect my computer from further infections? Oh yea, and is this computer safe to use to pay for things, or should I err on the side of caution with that?

Edited by bakayurei, 09 July 2011 - 09:27 AM.


#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:57 AM

Posted 09 July 2011 - 11:34 AM

Good news :)

Couple more steps, just to make sure....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.



#14 bakayurei

bakayurei
  • Topic Starter

  • Members
  • 30 posts
  • Local time:04:57 PM

Posted 10 July 2011 - 09:01 AM

Left ESET running overnight and this morning I found that my computer had restarted itself, so I can't post a list of found threats as I don't think they're there any more... but that's a good thing, I suppose. Running it again now to be sure that it was the ESET scanner that restarted my computer. But I restarted again earlier, and the last few times I'd restarted there were all these 'blank screens' showing up then disappearing, which I think were to do with a trojan installer I noticed ESET found before I went to bed, and they didn't pop up this time, so I think it's got rid of everything.

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:57 AM

Posted 10 July 2011 - 10:50 AM

running it again

Let me know when you're done....
