Redirect virus and slow connection


  • This topic is locked
14 replies to this topic

#1 wtl63


Posted 16 October 2011 - 02:17 PM

Hi, I keep getting redirected to different sites like get-answers-fast.com, etc. and also my internet connection speed has significantly slowed. Can someone help?? Thanks!



#2 fireman4it

  • Malware Response Team

Posted 16 October 2011 - 04:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64-bit machine, please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 wtl63


Posted 17 October 2011 - 05:03 PM

Here's the DDS log. When I tried to scan for GMER log, it gave me the blue screen of death during the scanning. The second attempt, I got a message that program stopped working and had to close. So I hope I can give you DDS log for now?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22
Run by Wayne Liao at 16:56:02 on 2011-10-17
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1023.124 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Windows\sttray.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\vVX3000.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\PPStream\PPSAP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\WerCon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: {03ae2507-7ba1-4d8b-9a2a-a20519152b8a} - c:\users\wayne liao\appdata\local\InternetUser.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\wayne liao\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [1019985858] c:\users\waynel~1\appdata\local\temp\\jucheck.exe
uRun: [JavaBackupOnline] rundll32.exe "c:\programdata\JavaBackupOnline.dll",DllRegisterServer
uRun: [YahooPartnerToolbar Update] rundll32 "c:\users\wayne liao\appdata\local\apple\appleupdate\Appleupdt32.dll",DllRegisterServer
uRun: [RALINK Update] rundll32 "c:\users\wayne liao\appdata\local\adobe\adobeupdate\Adobeupdt32.dll",DllRegisterServer
uRun: [Malwarebytes' Update] rundll32 "c:\users\wayne liao\appdata\local\google\googleupdate\Googleupdt32.dll",DllRegisterServer
uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
StartupFolder: c:\users\waynel~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mutike~1.lnk - c:\program files\multikeyboard driver\KbdDrv.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gn-wp0~1.lnk - c:\program files\gigabyte\gigabyte wp01gs wireless pci adapter\installer\win2k\RaUI.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5EC49AB4-0734-4C58-8DA3-FBF456959FA6} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{96A412D4-D846-47CD-8C32-A54D5EB7E63E} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wayne liao\appdata\roaming\mozilla\firefox\profiles\hft2pfnn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\wayne liao\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\wayne liao\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\wayne liao\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\wayne liao\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: XUL Cache: {a02b37c4-ad1f-49e6-aa34-4ec84d3756e8} - %profile%\extensions\{a02b37c4-ad1f-49e6-aa34-4ec84d3756e8}
FF - Ext: XULRunner: {E8ECAA81-3A09-4A92-91E2-51A49F48E96D} - c:\users\wayne liao\appdata\local\{E8ECAA81-3A09-4A92-91E2-51A49F48E96D}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-10 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-15 29712]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-15 243152]
.
=============== Created Last 30 ================
.
2011-10-15 21:26:09 308736 ----a-w- c:\users\wayne liao\appdata\local\InternetUser.dll
2011-10-15 02:41:52 307200 ----a-w- c:\users\wayne liao\appdata\local\SystemPTR.dll
2011-10-15 02:38:22 140288 ----a-w- c:\programdata\JavaBackupOnline.dll
2011-10-12 08:01:04 -------- d-----w- C:\db5bf6be05c6cced06c7e4e1
2011-10-05 18:56:09 -------- d-----w- c:\program files\Application Updater
2011-10-05 18:56:08 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-10-05 18:56:08 -------- d-----w- c:\program files\common files\Spigot
2011-10-05 18:52:52 -------- d-----w- c:\programdata\YouTube Downloader
.
==================== Find3M ====================
.
.
============= FINISH: 17:00:00.88 ===============
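
A triage pass over the kind of DDS "Pseudo HJT Report" lines posted above, as an added example (not part of the original thread and not code from DDS): it flags autorun entries whose target sits in a user-writable directory, notes when such a DLL is started through rundll32, and flags a browser proxy pointing at loopback. The sample lines are constructed in the log's format with a placeholder user name, and the heuristics and directory list are assumptions chosen for illustration.

```python
import ntpath  # Windows path rules, independent of the OS running this script
import re
from typing import NamedTuple

# Constructed sample in DDS "Pseudo HJT Report" format; "user" is a placeholder.
SAMPLE = r'''
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [1019985858] c:\users\user\appdata\local\temp\\jucheck.exe
uRun: [JavaBackupOnline] rundll32.exe "c:\programdata\JavaBackupOnline.dll",DllRegisterServer
uRun: [RALINK Update] rundll32 "c:\users\user\appdata\local\adobe\adobeupdate\Adobeupdt32.dll",DllRegisterServer
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
'''


class Finding(NamedTuple):
    key: str        # DDS line prefix, e.g. "uRun"
    name: str       # registry value name, or the setting name
    target: str     # normalised file path, or the setting value
    reasons: tuple  # why the entry deserves a closer look


# uRun/mRun/dRun and their RunOnce variants: "<key>: [<value name>] <command>"
RUN_RE = re.compile(r'^(?P<key>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
PROXY_RE = re.compile(r'^(?P<key>[um])Internet Settings,ProxyServer = (?P<val>.+)$')
# First absolute path ending in .exe or .dll (paths may contain spaces).
PATH_RE = re.compile(r'[a-z]:\\.*?\.(?:exe|dll)(?!\w)', re.I)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s', re.I)
LOOPBACK_RE = re.compile(r'(?:^|[=;/])(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?', re.I)

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\')


def triage(log_text):
    """Return Finding tuples for lines that match the illustrative heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()

        proxy = PROXY_RE.match(line)
        if proxy:
            if LOOPBACK_RE.search(proxy['val']):
                findings.append(Finding(proxy['key'] + 'Internet Settings',
                                        'ProxyServer', proxy['val'],
                                        ('browser proxy points at loopback',)))
            continue

        run = RUN_RE.match(line)
        if not run:
            continue
        path = PATH_RE.search(run['cmd'])
        if not path:
            continue  # no absolute path to judge (bare file name, %VAR% path)

        # Collapse doubled backslashes and fold case before comparing.
        target = ntpath.normpath(path.group(0)).lower()
        reasons = []
        if any(d in target for d in USER_WRITABLE):
            reasons.append('autorun target in user-writable directory')
            if RUNDLL_RE.match(run['cmd']):
                reasons.append('DLL loaded through rundll32')
        if reasons:
            findings.append(Finding(run['key'], run['name'], target, tuple(reasons)))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.key}: [{f.name}] {f.target} -> {"; ".join(f.reasons)}')
```

The output is a list of review candidates, not verdicts: legitimate per-user updaters also start from AppData, so each hit still needs checking against file signatures, creation dates and the rest of the log.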

#4 fireman4it

  • Malware Response Team

Posted 17 October 2011 - 05:18 PM

Hello wtl63,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

2.
Ask Toolbar is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know as stated in the following articles:

http://www.benedelman.org/spyware/ask-toolbars/
http://vil.nai.com/vil/content/v_185490.htm


I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Ask Toolbar.

3.
Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case FrostWire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

4.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


5.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?



#5 wtl63


Posted 17 October 2011 - 05:50 PM

Hi, I managed to get the GMER log now. I haven't done the above steps yet. Should I still go ahead and do so?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-17 17:48:06
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3320620AS rev.3.AAE
Running: gmer.exe; Driver: C:\Users\WAYNEL~1\AppData\Local\Temp\uwlyquob.sys


---- System - GMER 1.0.15 ----

INT 0x01 \??\C:\Users\WAYNEL~1\AppData\Local\Temp\mbr.sys 9AEDAC42

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8A806340, 0x33EBD7, 0xE8000020]
? C:\Users\WAYNEL~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!OpenFile 76C63569 5 Bytes JMP 0159895D C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!WriteFileEx 76C641D9 5 Bytes JMP 01598904 C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!ReadFileEx 76C6460F 5 Bytes JMP 01598852 C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!GetOverlappedResult 76C6F234 5 Bytes JMP 01598B85 C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!SetFilePointerEx 76C7F296 5 Bytes JMP 01598A05 C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!SetFilePointer 76C8CB49 5 Bytes JMP 015989AB C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!ReadFile 76CA0610 7 Bytes JMP 015987F9 C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!GetFileSizeEx 76CA8D77 5 Bytes JMP 01598B3E C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!GetFileSize 76CA8DB6 5 Bytes JMP 01598AF7 C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!WriteFile 76CACB06 7 Bytes JMP 015988AB C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!CloseHandle 76CACE05 5 Bytes JMP 01598AB6 C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!CreateFileW 76CACE4E 5 Bytes JMP 01598793 C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Program Files\PPStream\PPSAP.exe[3252] kernel32.dll!CreateFileA 76CAD171 5 Bytes JMP 0159872D C:\Program Files\PPStream\Vodres.dll (PPS ?????/PPStream Inc.)
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!InternetReadFile 75B1654B 5 Bytes JMP 02A6D128
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!HttpQueryInfoA 75B1878D 5 Bytes JMP 02A6E700
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!InternetCloseHandle 75B19088 5 Bytes JMP 02A6D870
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!HttpAddRequestHeadersA 75B1CF4E 5 Bytes JMP 02A6BB50
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!HttpOpenRequestA 75B1D508 5 Bytes JMP 02A6ACC0
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!InternetConnectA 75B1DEAE 5 Bytes JMP 02A6A578
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!HttpSendRequestW 75B1FABE 5 Bytes JMP 02A6C9E0
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!InternetOpenA 75B2D690 5 Bytes JMP 02A69E30
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!HttpSendRequestA 75B2EE89 5 Bytes JMP 02A6C298
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!InternetReadFileExA 75B33259 5 Bytes JMP 02A6B408
.text C:\Windows\System32\rundll32.exe[3356] wininet.dll!InternetErrorDlg 75B9A783 5 Bytes JMP 02A6DFB8
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!InternetReadFile 75B1654B 5 Bytes JMP 028BD0F0
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!HttpQueryInfoA 75B1878D 5 Bytes JMP 028BE6C8
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!InternetCloseHandle 75B19088 5 Bytes JMP 028BD838
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!HttpAddRequestHeadersA 75B1CF4E 5 Bytes JMP 028BBB18
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!HttpOpenRequestA 75B1D508 5 Bytes JMP 028BAC88
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!InternetConnectA 75B1DEAE 5 Bytes JMP 028BA540
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!HttpSendRequestW 75B1FABE 5 Bytes JMP 028BC9A8
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!InternetOpenA 75B2D690 5 Bytes JMP 028B9DF8
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!HttpSendRequestA 75B2EE89 5 Bytes JMP 028BC260
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!InternetReadFileExA 75B33259 5 Bytes JMP 028BB3D0
.text C:\Windows\System32\rundll32.exe[3364] wininet.dll!InternetErrorDlg 75B9A783 5 Bytes JMP 028BDF80
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!InternetReadFile 75B1654B 5 Bytes JMP 02A3D0F0
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!HttpQueryInfoA 75B1878D 5 Bytes JMP 02A3E6C8
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!InternetCloseHandle 75B19088 5 Bytes JMP 02A3D838
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!HttpAddRequestHeadersA 75B1CF4E 5 Bytes JMP 02A3BB18
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!HttpOpenRequestA 75B1D508 5 Bytes JMP 02A3AC88
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!InternetConnectA 75B1DEAE 5 Bytes JMP 02A3A540
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!HttpSendRequestW 75B1FABE 5 Bytes JMP 02A3C9A8
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!InternetOpenA 75B2D690 5 Bytes JMP 02A39DF8
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!HttpSendRequestA 75B2EE89 5 Bytes JMP 02A3C260
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!InternetReadFileExA 75B33259 5 Bytes JMP 02A3B3D0
.text C:\Windows\System32\rundll32.exe[3388] wininet.dll!InternetErrorDlg 75B9A783 5 Bytes JMP 02A3DF80
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4324] USER32.dll!TrackPopupMenu 76ED1417 5 Bytes JMP 649F7D29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] ntdll.dll!LdrLoadDll 771E79B3 5 Bytes JMP 001513F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] kernel32.dll!CreateProcessW 76C61C01 5 Bytes JMP 10022ADA C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] kernel32.dll!ResumeThread 76C7CFE1 5 Bytes JMP 10022CBD C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] WS2_32.dll!closesocket 76E8330C 5 Bytes JMP 10022717 C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] WS2_32.dll!WSASocketW 76E834EB 7 Bytes JMP 100225FE C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] WS2_32.dll!connect 76E840D9 5 Bytes JMP 1002263C C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] WS2_32.dll!WSAConnect 76E8D7B0 5 Bytes JMP 100226A4 C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] WS2_32.dll!getpeername 76E9A863 5 Bytes JMP 10022733 C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] USER32.dll!GetMessageW 76ECF83F 5 Bytes JMP 1002290A C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] USER32.dll!PeekMessageW 76ECFD9F 5 Bytes JMP 100229B4 C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] USER32.dll!TrackPopupMenu 76ED1417 5 Bytes JMP 10022A61 C:\ProgramData\JavaBackupOnline.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] USER32.dll!TrackPopupMenuEx 76EE0F4D 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5460] USER32.dll!TrackPopupMenuEx 76EE0F4D 5 Bytes JMP 10022A9F C:\ProgramData\JavaBackupOnline.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Files - GMER 1.0.15 ----

File C:\Users\Wayne Liao\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZUB3QGG\ddc[1].htm 11198 bytes
File C:\Users\Wayne Liao\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MAACJT1C\01[1].htm 7606 bytes
File C:\Users\Wayne Liao\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MAACJT1C\iframe3[1].htm 1339 bytes
File C:\Users\Wayne Liao\AppData\Roaming\Microsoft\Windows\Cookies\wayne_liao@dc.tremormedia[2].txt 0 bytes

---- EOF - GMER 1.0.15 ----

#6 fireman4it

Posted 17 October 2011 - 09:47 PM

Hello,


Please continue with the steps above.



#7 wtl63

Posted 17 October 2011 - 11:45 PM

Here's the TDSS log followed by the combofix log. It's been half an hour since the scans and no redirecting issues so far, and speed seems normal.

22:30:09.0224 7156 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
22:30:09.0893 7156 ============================================================
22:30:09.0893 7156 Current date / time: 2011/10/17 22:30:09.0893
22:30:09.0893 7156 SystemInfo:
22:30:09.0893 7156
22:30:09.0894 7156 OS Version: 6.0.6001 ServicePack: 1.0
22:30:09.0894 7156 Product type: Workstation
22:30:09.0894 7156 ComputerName: WAYNELIAO-PC
22:30:09.0894 7156 UserName: Wayne Liao
22:30:09.0894 7156 Windows directory: C:\Windows
22:30:09.0894 7156 System windows directory: C:\Windows
22:30:09.0894 7156 Processor architecture: Intel x86
22:30:09.0894 7156 Number of processors: 2
22:30:09.0894 7156 Page size: 0x1000
22:30:09.0894 7156 Boot type: Normal boot
22:30:09.0894 7156 ============================================================
22:30:12.0645 7156 Initialize success
22:30:28.0153 8116 ============================================================
22:30:28.0153 8116 Scan started
22:30:28.0153 8116 Mode: Manual;
22:30:28.0153 8116 ============================================================
22:31:07.0697 8116 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
22:31:07.0704 8116 udfs - ok
22:31:07.0757 8116 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:31:07.0760 8116 uliagpkx - ok
22:31:07.0818 8116 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:31:07.0823 8116 uliahci - ok
22:31:07.0869 8116 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:31:07.0873 8116 UlSata - ok
22:31:07.0940 8116 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:31:07.0945 8116 ulsata2 - ok
22:31:07.0998 8116 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:31:08.0025 8116 umbus - ok
22:31:08.0128 8116 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:31:08.0243 8116 USBAAPL - ok
22:31:08.0312 8116 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
22:31:08.0349 8116 usbaudio - ok
22:31:08.0421 8116 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:08.0464 8116 usbccgp - ok
22:31:08.0527 8116 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:31:08.0554 8116 usbcir - ok
22:31:08.0607 8116 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
22:31:08.0629 8116 usbehci - ok
22:31:08.0674 8116 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
22:31:08.0698 8116 usbhub - ok
22:31:08.0745 8116 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:31:08.0749 8116 usbohci - ok
22:31:08.0801 8116 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:31:08.0819 8116 usbprint - ok
22:31:08.0886 8116 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:08.0908 8116 USBSTOR - ok
22:31:08.0977 8116 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:31:08.0980 8116 usbuhci - ok
22:31:09.0036 8116 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:09.0052 8116 vga - ok
22:31:09.0124 8116 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:31:09.0128 8116 VgaSave - ok
22:31:09.0170 8116 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:31:09.0173 8116 viaagp - ok
22:31:09.0266 8116 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:31:09.0309 8116 ViaC7 - ok
22:31:09.0359 8116 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
22:31:09.0361 8116 viaide - ok
22:31:09.0443 8116 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:31:09.0448 8116 volmgr - ok
22:31:09.0513 8116 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
22:31:09.0535 8116 volmgrx - ok
22:31:09.0715 8116 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
22:31:09.0720 8116 volsnap - ok
22:31:09.0765 8116 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:31:09.0769 8116 vsmraid - ok
22:31:09.0911 8116 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\Windows\system32\DRIVERS\VX3000.sys
22:31:09.0971 8116 VX3000 - ok
22:31:10.0080 8116 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:31:10.0109 8116 WacomPen - ok
22:31:10.0182 8116 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:10.0185 8116 Wanarp - ok
22:31:10.0219 8116 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:10.0220 8116 Wanarpv6 - ok
22:31:10.0287 8116 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:31:10.0302 8116 Wd - ok
22:31:10.0407 8116 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:31:10.0416 8116 Wdf01000 - ok
22:31:10.0622 8116 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
22:31:10.0653 8116 WmiAcpi - ok
22:31:10.0728 8116 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
22:31:10.0775 8116 WpdUsb - ok
22:31:11.0135 8116 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:31:11.0150 8116 ws2ifsl - ok
22:31:11.0535 8116 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:11.0599 8116 WUDFRd - ok
22:31:11.0656 8116 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:31:11.0685 8116 \Device\Harddisk0\DR0 - ok
22:31:11.0712 8116 Boot (0x1200) (a753a7559963aa7ba1cdfeeb395bcde8) \Device\Harddisk0\DR0\Partition0
22:31:11.0770 8116 \Device\Harddisk0\DR0\Partition0 - ok
22:31:11.0770 8116 ============================================================
22:31:11.0770 8116 Scan finished
22:31:11.0770 8116 ============================================================
22:31:11.0786 7788 Detected object count: 0
22:31:11.0786 7788 Actual detected object count: 0
22:32:58.0049 5304 Deinitialize success


ComboFix 11-10-17.02 - Wayne Liao 10/17/2011 23:12:35.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1023.358 [GMT -5:00]
Running from: c:\users\Wayne Liao\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\JavaBackupOnline.dll
c:\users\Wayne Liao\AppData\Local\{E8ECAA81-3A09-4A92-91E2-51A49F48E96D}
c:\users\Wayne Liao\AppData\Local\{E8ECAA81-3A09-4A92-91E2-51A49F48E96D}\chrome.manifest
c:\users\Wayne Liao\AppData\Local\{E8ECAA81-3A09-4A92-91E2-51A49F48E96D}\chrome\content\_cfg.js
c:\users\Wayne Liao\AppData\Local\{E8ECAA81-3A09-4A92-91E2-51A49F48E96D}\chrome\content\overlay.xul
c:\users\Wayne Liao\AppData\Local\{E8ECAA81-3A09-4A92-91E2-51A49F48E96D}\install.rdf
c:\users\Wayne Liao\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll
c:\users\Wayne Liao\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll
c:\users\Wayne Liao\AppData\Local\Google\GoogleUpdate\Googleupdt32.dll
c:\users\Wayne Liao\AppData\Local\InternetUser.dll
c:\users\Wayne Liao\AppData\Local\SystemPTR.dll
c:\users\Wayne Liao\AppData\Roaming\Adobe\plugs
c:\users\Wayne Liao\AppData\Roaming\Adobe\plugs\mmc120
c:\users\Wayne Liao\AppData\Roaming\Adobe\plugs\mmc257965686.txt
c:\users\Wayne Liao\AppData\Roaming\Adobe\shed
c:\users\Wayne Liao\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Wayne Liao\AppData\Roaming\Mozilla\Firefox\Profiles\hft2pfnn.default\extensions\{a02b37c4-ad1f-49e6-aa34-4ec84d3756e8}
c:\users\Wayne Liao\AppData\Roaming\Mozilla\Firefox\Profiles\hft2pfnn.default\extensions\{a02b37c4-ad1f-49e6-aa34-4ec84d3756e8}\chrome.manifest
c:\users\Wayne Liao\AppData\Roaming\Mozilla\Firefox\Profiles\hft2pfnn.default\extensions\{a02b37c4-ad1f-49e6-aa34-4ec84d3756e8}\chrome\xulcache.jar
c:\users\Wayne Liao\AppData\Roaming\Mozilla\Firefox\Profiles\hft2pfnn.default\extensions\{a02b37c4-ad1f-49e6-aa34-4ec84d3756e8}\defaults\preferences\xulcache.js
c:\users\Wayne Liao\AppData\Roaming\Mozilla\Firefox\Profiles\hft2pfnn.default\extensions\{a02b37c4-ad1f-49e6-aa34-4ec84d3756e8}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 04:21 . 2011-10-18 04:26 -------- d-----w- c:\users\Wayne Liao\AppData\Local\temp
2011-10-18 04:21 . 2011-10-18 04:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-18 04:21 . 2011-10-18 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 03:50 . 2011-10-18 03:50 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-10-12 08:01 . 2011-10-12 08:04 -------- d-----w- C:\db5bf6be05c6cced06c7e4e1
2011-10-05 18:56 . 2011-10-05 18:56 -------- d-----w- c:\program files\Application Updater
2011-10-05 18:56 . 2011-10-10 17:12 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-10-05 18:56 . 2011-10-05 18:56 -------- d-----w- c:\program files\Common Files\Spigot
2011-10-05 18:52 . 2011-10-05 18:52 -------- d-----w- c:\programdata\YouTube Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 06:50 . 2009-11-15 20:15 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-08-11 05:23 . 2010-10-13 20:54 0 ----a-w- c:\users\Wayne Liao\AppData\Local\Xnucaniqeribec.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-27 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-30 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"SigmatelSysTrayApp"="sttray.exe" [2007-06-22 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-26 8429568]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-30 2076512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-26 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-26 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-12 528832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"MRT"="c:\windows\system32\MRT.exe" [2011-10-12 48324552]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-09-28 894304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-12 669936]
.
c:\users\Wayne Liao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MutiKeyboard Driver.lnk - c:\program files\MultiKeyboard Driver\KbdDrv.exe [2008-1-25 350720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter\Installer\WIN2K\RaUI.exe [2008-1-25 720896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-12 1036104]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-10 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-08 243152]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-09-28 745880]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 rt61x86;Gigabyte RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2009-06-10 335872]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:41]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 06:16]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 06:16]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294028945-1975489361-449909758-1000Core.job
- c:\users\Wayne Liao\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 00:55]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294028945-1975489361-449909758-1000UA.job
- c:\users\Wayne Liao\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 00:55]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Wayne Liao\AppData\Roaming\Mozilla\Firefox\Profiles\hft2pfnn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG9\Firefox
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-JavaBackupOnline - c:\programdata\JavaBackupOnline.dll
HKCU-Run-YahooPartnerToolbar Update - c:\users\Wayne Liao\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll
HKCU-Run-RALINK Update - c:\users\Wayne Liao\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll
HKCU-Run-Malwarebytes' Update - c:\users\Wayne Liao\AppData\Local\Google\GoogleUpdate\Googleupdt32.dll
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\STacSV.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WerCon.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-10-17 23:33:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 04:33
ComboFix2.txt 2010-10-14 18:13
.
Pre-Run: 214,793,015,296 bytes free
Post-Run: 215,170,117,632 bytes free
.
- - End Of File - - 967D3C1AEA08AA4E1E4779596833676E

#8 fireman4it


Posted 18 October 2011 - 12:55 PM

Hello,

Looks like the main problem is gone, just some leftovers to deal with.

1.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


2.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\users\Wayne Liao\AppData\Local\Xnucaniqeribec.bin

Folder::c:\program files\Common Files\Spigot

DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6092

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


3.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

4.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply:
Combofix.txt
MBAM log
Eset log
How is your machine running now?

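Added example (not part of the original post, and not ComboFix's own code): a Python check that reads a CFScript like the one in step 2 together with a follow-up log and reports, per target, whether that log still lists it. The script and log are constructed samples with made-up paths; the section names follow the ComboFix logs in this thread, and accepting `Folder::` with the path on the same line is this example's own choice.

```python
import re

# Constructed CFScript in the layout used in the post above (paths are made up).
SAMPLE_CFSCRIPT = r"""
File::
c:\users\alice\AppData\Local\sample.bin

Folder::c:\program files\Common Files\ExampleToolbar

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8080

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleSettings"=-
"""

# Constructed, abbreviated follow-up log in the ComboFix layout seen in this thread.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\users\alice\AppData\Local\sample.bin
.
((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))
.
2011-10-05 18:56 . 2011-10-05 18:56 -------- d-----w- c:\program files\Common Files\ExampleToolbar
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:8080
"""

DIRECTIVE = re.compile(r"^(File|Folder|DDS|Registry)::\s*(.*)$", re.I)
BANNER = re.compile(r"^(?:\(+|-{3,})\s*(.+?)\s*(?:\)+|-{3,})$")

def parse_cfscript(text):
    """Collect the targets named under each CFScript directive."""
    targets = {"file": [], "folder": [], "dds": [], "registry": []}
    current, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current, key = m.group(1).lower(), None
            line = m.group(2).strip()  # path may follow the directive on the same line
        if not line or current is None:
            continue
        if current != "registry":
            targets[current].append(line)
        elif line.startswith("["):
            key = line.strip("[]")
        elif key and line.endswith("=-"):  # "Name"=- asks for the value to be deleted
            targets["registry"].append((key, line[:-2].strip('"')))
    return targets

def split_sections(log_text):
    """Group log lines under the banner that precedes them."""
    sections, name = {}, "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            name = m.group(1).lower()
        elif line and line != ".":
            sections.setdefault(name, []).append(line.lower())
    return sections

def verify(cfscript_text, log_text):
    """Map each CFScript target to its status in the follow-up log."""
    targets, sections = parse_cfscript(cfscript_text), split_sections(log_text)
    deleted = set(sections.get("other deletions", []))
    # The header echoes the script itself, so it does not count as evidence.
    elsewhere = [l for n, ls in sections.items()
                 if n not in ("header", "other deletions") for l in ls]
    report = {}
    for path in targets["file"] + targets["folder"]:
        p = path.lower()
        if p in deleted:
            report[path] = "deleted this run"
        else:
            hit = any(p in l for l in elsewhere)
            report[path] = "still listed" if hit else "not listed"
    for key, value in targets["registry"]:
        in_key, present = False, False
        for l in sections.get("reg loading points", []):
            if l.startswith("["):
                in_key = l.strip("[]") == key.lower()
            elif in_key and l.startswith('"%s"=' % value.lower()):
                present = True
        report[key + "\\" + value] = "still listed" if present else "not listed"
    scan = set(sections.get("supplementary scan", []))
    for line in targets["dds"]:
        report[line] = "still listed" if line.lower() in scan else "not listed"
    return report

if __name__ == "__main__":
    for target, status in verify(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:17} {target}")
```

A target reported as "still listed" is the one to raise in the next reply, since the follow-up log still shows it.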


#9 wtl63


Posted 18 October 2011 - 09:18 PM

ComboFix 11-10-18.04 - Wayne Liao 10/18/2011 18:48:37.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1023.533 [GMT -5:00]
Running from: c:\users\Wayne Liao\Downloads\ComboFix.exe
Command switches used :: c:\users\Wayne Liao\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Wayne Liao\AppData\Local\Xnucaniqeribec.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wayne Liao\AppData\Local\Xnucaniqeribec.bin
c:\users\Wayne Liao\Taskmgr.exe
c:\users\Wayne Liao\wevtapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 23:55 . 2011-10-18 23:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-18 23:55 . 2011-10-18 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 04:21 . 2011-10-18 23:55 -------- d-----w- c:\users\Wayne Liao\AppData\Local\temp
2011-10-12 08:01 . 2011-10-12 08:04 -------- d-----w- C:\db5bf6be05c6cced06c7e4e1
2011-10-05 18:56 . 2011-10-05 18:56 -------- d-----w- c:\program files\Application Updater
2011-10-05 18:56 . 2011-10-10 17:12 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-10-05 18:56 . 2011-10-05 18:56 -------- d-----w- c:\program files\Common Files\Spigot
2011-10-05 18:52 . 2011-10-05 18:52 -------- d-----w- c:\programdata\YouTube Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 06:50 . 2009-11-15 20:15 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-27 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-30 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"SigmatelSysTrayApp"="sttray.exe" [2007-06-22 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-26 8429568]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-30 2076512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-26 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-26 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-12 528832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"MRT"="c:\windows\system32\MRT.exe" [2011-10-12 48324552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-12 669936]
.
c:\users\Wayne Liao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MutiKeyboard Driver.lnk - c:\program files\MultiKeyboard Driver\KbdDrv.exe [2008-1-25 350720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter\Installer\WIN2K\RaUI.exe [2008-1-25 720896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-12 1036104]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-10 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-08 243152]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-09-28 745880]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S3 rt61x86;Gigabyte RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2009-06-10 335872]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:41]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 06:16]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 06:16]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294028945-1975489361-449909758-1000Core.job
- c:\users\Wayne Liao\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 00:55]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294028945-1975489361-449909758-1000UA.job
- c:\users\Wayne Liao\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 00:55]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Wayne Liao\AppData\Roaming\Mozilla\Firefox\Profiles\hft2pfnn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG9\Firefox
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 18:55
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-18 18:58:08
ComboFix-quarantined-files.txt 2011-10-18 23:58
ComboFix2.txt 2011-10-18 04:33
ComboFix3.txt 2010-10-14 18:13
.
Pre-Run: 214,220,984,320 bytes free
Post-Run: 214,196,510,720 bytes free
.
- - End Of File - - A89A0D0E9A424DD1FFD3CAF4F3149BEF

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4532

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

10/18/2011 7:16:30 PM
mbam-log-2011-10-18 (19-16-30).txt

Scan type: Quick scan
Objects scanned: 134250
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\JavaBackupOnline.dll.vir Win32/TrojanDownloader.Tracur.I trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Wayne Liao\wevtapi.dll.vir Win32/Agent.STE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Wayne Liao\AppData\Local\InternetUser.dll.vir a variant of Win32/Kryptik.TYW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Wayne Liao\AppData\Local\SystemPTR.dll.vir a variant of Win32/Kryptik.UAE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Wayne Liao\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll.vir a variant of Win32/Kryptik.UAE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Wayne Liao\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll.vir a variant of Win32/Kryptik.UAE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Wayne Liao\AppData\Local\Google\GoogleUpdate\Googleupdt32.dll.vir a variant of Win32/Kryptik.TYW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Wayne Liao\AppData\Roaming\Adobe\plugs\mmc257965686.txt.vir a variant of Win32/Kryptik.RBO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Wayne Liao\AppData\Roaming\Mozilla\Firefox\Profiles\hft2pfnn.default\extensions\{a02b37c4-ad1f-49e6-aa34-4ec84d3756e8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\AskSBar\bar\Cache\0D5B599A Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6b7fb14c-1e28f58b a variant of Win32/Kryptik.TPW trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\455b38f-6940480a a variant of Win32/Kryptik.TQB trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\42d6ad16-7440d971 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-1d62fa60 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3b21af6c-6ce29652 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3cfe1c75-5a942f85 a variant of Win32/Kryptik.RBH trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5e44d8b8-3eb7b1e8 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-5004d770 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2bc3143e-7e1c3e0e a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Wayne Liao\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Wayne Liao\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Wayne Liao\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Wayne Liao\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Wayne Liao\Desktop\frostwire-4.13.4.windows.exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Users\Wayne Liao\Downloads\frostwire-4.21.1.windows.exe Win32/OpenCandy application deleted - quarantined

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:05 AM

Posted 18 October 2011 - 10:07 PM

Hello,


Please re-run MalwareBytes again; we like to see all 0's. Go ahead and run Eset first. Then post those two logs. How is the machine running now? Any popups?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#11 fireman4it

Posted 20 October 2011 - 01:42 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#12 wtl63

wtl63
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 21 October 2011 - 12:17 AM

ESET showed zero threats so there was no option for creating a log. Below is the Malwarebytes log. The redirecting virus appears to be gone now. Thanks. The only issue I have now is that my internet speed has been inconsistent, going from normal to slow. However, another computer in the house that's connected directly to the modem is always at normal speed. My computer is using off the wireless router so I thought it should be the same speed. Is this an internet connection issue?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4532

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

10/21/2011 12:13:10 AM
mbam-log-2011-10-21 (00-13-10).txt

Scan type: Quick scan
Objects scanned: 136694
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 fireman4it

Posted 21 October 2011 - 10:40 PM

my computer is using off the wireless router so i thought it should be same speed. is this an internet connection issue?

It's probably more of a wireless router issue. There are different routers, and usually less money equals less quality. I would plug directly into the other router, not the wireless one, and see if your speed is better.



Hello, wtl63.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring up the Run... command, and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore".



Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.


#14 fireman4it

Posted 23 October 2011 - 08:53 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#15 fireman4it

Posted 26 October 2011 - 10:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
