Disinfection Request


  • This topic is locked
16 replies to this topic

#1 T_Thomas


Posted 20 February 2012 - 07:42 PM

User said she clicked an email link from "FedEX" (she was expecting a package...)

Computer froze, then re-booted, and immediately got a window saying machine was infected and "click to repair"

She called me, the de facto tech guy who really knows not very much about such matters.

I powered the machine off without touching anything, then booted into SafeMode and logged into a different Administrator account.

SuperAntiSpyware, MBAM, SpywareBlaster were already installed on machine, so I ran these from SafeMode.

Each found several infections along with many tracking cookies, and I let them remove all. One of the items SAS found was: Rootkit.Cloaked/Service-GEN C:\WINDOWS\SYSTEM32\DRIVERS\EE1C3F3D487D15B7.SYS

This rootkit cannot be deleted, and continues to show up in subsequent SAS and GMER scans.

GMER gives an error message upon execution (see gmer_Error.jpg attachment), but it then runs with some options grayed out. (See gmr_Screen.jpg)


Also, AntiVir will not run "real-time protection", because the service will not start.
I did do a full system Avira scan, and removed/quarantined several other infections.



The machine actually seems to be functioning properly now, but SAS and GMER still flag the rootkit, and Avira will not run its realtime service. I have tried de-installing and reinstalling Avira, but this was before some of the other diagnostics.




--------------------------------------------------
DDS Log:
--------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ******** at 18:55:38 on 2012-02-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.697 [GMT -5:00]
.
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00FD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8978D7A8-FFA4-00EC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00EC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EC-0D24-347CA8A3377C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\1038ea9f-ba33-4ff5-9a7c-e9d8d4dea043.com
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = about:blank
mCustomizeSearch = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FF6B2FD5-093C-4D4F-BB98-5641130A9DE6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uExplorerRun: [PlotSoft] c:\documents and settings\**********\application data\9B43D7.exe
uPolicies-explorer: MaxRecentDocs = 6 (0x6)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\update
Trusted Zone: web-access.com\www.rbccentura
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148304425578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38048.4483449074
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.2
TCP: Interfaces\{C4713C70-ED9A-4BDD-B777-31BC3F384982} : DhcpNameServer = 192.168.0.2
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.0.6 sabrina
.
============= SERVICES / DRIVERS ===============
.
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-20 86224]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-12-22 821592]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]
S0 5b316656b5922ac5;KB00261892.exe;\SystemRoot\\SystemRoot\System32\Drivers\5b316656b5922ac5.sys --> \SystemRoot\\SystemRoot\System32\Drivers\5b316656b5922ac5.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-20 36000]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-20 110032]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-20 74640]
S3 ILWGLHU;ILWGLHU;c:\docume~1\oaksun~1.sab\locals~1\temp\ILWGLHU.exe [2012-2-20 457600]
S3 OFAJIJQPNMZ;OFAJIJQPNMZ;c:\docume~1\admini~1.sab\locals~1\temp\OFAJIJQPNMZ.exe [2012-2-20 461696]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\peachtree2011\SmartPostingService2011.exe [2010-9-13 43848]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2012-2-20 30368]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2012-2-20 16208]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2012-2-20 246816]
.
=============== Created Last 30 ================
.
2012-02-20 19:23:21 -------- d-----w- c:\documents and settings\************\application data\Avira
2012-02-20 19:21:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-20 19:21:53 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-20 19:21:51 -------- d-----w- c:\program files\Avira
2012-02-20 19:21:51 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-02-20 19:18:52 -------- d-----w- c:\documents and settings\************\application data\IObit
2012-02-20 19:05:16 -------- d-----w- c:\program files\common files\Spigot
2012-02-20 17:54:21 -------- d-----w- c:\documents and settings\all users\application data\529C535701377E010003E1F6D151FC84
.
==================== Find3M ====================
.
2011-12-22 12:52:16 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:56:11.12 ===============


#2 T_Thomas


Posted 21 February 2012 - 10:22 AM

Progress Update:

Used MBAM FileASSASSIN to kill the file named as a rootkit.

After a couple reboot cycles, Avira realtime service started and ran properly.

Windows Update downloaded and installed 21 updates without error.
(Was set for AutoUpdate, but must have been disabled for some time...)

Manually downloaded latest versions of Adobe Reader and Java,
then uninstalled previous versions of these and installed new versions.

Avira, SuperAntiSpyware, & MBAM now run clean scans.

GMER now also loads properly and runs clean scan.


Remaining issues:

Why does DDS show 6 instances of AVIRA?
What are the toolbar (TB) entries in the DDS log?
How do I permanently get rid of ctfmon.exe?
Is AdobeARM necessary?
The removed rootkit file still shows up in the log "Services/Drivers" ("S0" entries) with "[?]" by the listing.
There are also a few other listings here with the "[?]" ...


Anything else I should be concerned about?

Thanks




-------------------------------------------

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ************ at 9:44:22 on 2012-02-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.855 [GMT -5:00]
.
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00FD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8978D7A8-FFA4-00EC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00EC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EC-0D24-347CA8A3377C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = about:blank
mCustomizeSearch = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FF6B2FD5-093C-4D4F-BB98-5641130A9DE6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uExplorerRun: [PlotSoft] c:\documents and settings\************\application data\9B43D7.exe
uPolicies-explorer: MaxRecentDocs = 6 (0x6)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\update
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148304425578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38048.4483449074
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.2
TCP: Interfaces\{C4713C70-ED9A-4BDD-B777-31BC3F384982} : DhcpNameServer = 192.168.0.2
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.0.6 **********
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-20 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-20 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-20 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-20 74640]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-12-22 821592]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]
S0 5b316656b5922ac5;KB00261892.exe;\SystemRoot\\SystemRoot\System32\Drivers\5b316656b5922ac5.sys --> \SystemRoot\\SystemRoot\System32\Drivers\5b316656b5922ac5.sys [?]
S0 ee1c3f3d487d15b7;KB00261892.exe;\SystemRoot\\SystemRoot\System32\Drivers\ee1c3f3d487d15b7.sys --> \SystemRoot\\SystemRoot\System32\Drivers\ee1c3f3d487d15b7.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 ILWGLHU;ILWGLHU;c:\docume~1\oaksun~1.sab\locals~1\temp\ilwglhu.exe --> c:\docume~1\oaksun~1.sab\locals~1\temp\ILWGLHU.exe [?]
S3 OFAJIJQPNMZ;OFAJIJQPNMZ;c:\docume~1\admini~1.sab\locals~1\temp\ofajijqpnmz.exe --> c:\docume~1\admini~1.sab\locals~1\temp\OFAJIJQPNMZ.exe [?]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\peachtree2011\SmartPostingService2011.exe [2010-9-13 43848]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2012-2-20 30368]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2012-2-20 16208]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2012-2-20 246816]
.
=============== Created Last 30 ================
.
2012-02-21 13:49:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-21 13:49:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-21 12:18:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-21 12:18:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-20 19:23:21 -------- d-----w- c:\documents and settings\************\application data\Avira
2012-02-20 19:21:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-20 19:21:53 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-20 19:21:51 -------- d-----w- c:\program files\Avira
2012-02-20 19:21:51 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-02-20 19:18:52 -------- d-----w- c:\documents and settings\************\application data\IObit
2012-02-20 19:05:16 -------- d-----w- c:\program files\common files\Spigot
2012-02-20 17:54:21 -------- d-----w- c:\documents and settings\all users\application data\529C535701377E010003E1F6D151FC84
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 12:52:16 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 9:45:21.93 ===============

Edited by T_Thomas, 21 February 2012 - 10:25 AM.
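
The question in the post above, about `S0` entries that still show `[?]` after the driver file was deleted, can be checked mechanically. The Python below is an added example, not part of the original post and not part of DDS: it parses SERVICES / DRIVERS lines and flags entries worth a second look. It assumes the leading letter means running/stopped, the digit is the Windows service start type, and `[?]` means DDS could not read the file; the flag names and the 16-hex-digit name heuristic are this example's own, taken from the two entries in this log.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the SERVICES / DRIVERS section of the second DDS log above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-20 36000]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-20 110032]
S0 5b316656b5922ac5;KB00261892.exe;\SystemRoot\\SystemRoot\System32\Drivers\5b316656b5922ac5.sys --> \SystemRoot\\SystemRoot\System32\Drivers\5b316656b5922ac5.sys [?]
S0 ee1c3f3d487d15b7;KB00261892.exe;\SystemRoot\\SystemRoot\System32\Drivers\ee1c3f3d487d15b7.sys --> \SystemRoot\\SystemRoot\System32\Drivers\ee1c3f3d487d15b7.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 ILWGLHU;ILWGLHU;c:\docume~1\oaksun~1.sab\locals~1\temp\ilwglhu.exe --> c:\docume~1\oaksun~1.sab\locals~1\temp\ILWGLHU.exe [?]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\peachtree2011\SmartPostingService2011.exe [2010-9-13 43848]
"""

# <R|S><start digit> <service name>;<display name>;<image path>[ --> <path>] [<date size>|?]
ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? "
    r"\[(?P<meta>\?|\d{4}-\d{1,2}-\d{1,2} \d+)\]$"
)

# Windows service start types (the Start value of a service registry key).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Assumption of this example: a service name that is exactly 16 hex digits
# looks machine-generated, like the two entries the poster asked about.
HEX16 = re.compile(r"^[0-9a-f]{16}$", re.IGNORECASE)


@dataclass
class Entry:
    running: bool
    start: str
    name: str
    display: str
    path: str
    file_found: bool          # False when DDS printed [?] instead of date/size
    flags: list = field(default_factory=list)


def parse_entries(text):
    """Return an Entry for every line that matches the service/driver layout."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, "." separators, lines from other sections
        entries.append(Entry(
            running=(m["state"] == "R"),
            start=START_TYPES[m["start"]],
            name=m["name"],
            display=m["display"],
            path=m["path"],
            file_found=(m["meta"] != "?"),
        ))
    return entries


def triage(text):
    """Return only the entries that carry at least one review flag."""
    flagged = []
    for e in parse_entries(text):
        p = e.path.lower()
        if not e.file_found:
            e.flags.append("file-missing")
        if HEX16.match(e.name):
            e.flags.append("hex16-name")
        if "\\systemroot\\\\systemroot\\" in p:
            e.flags.append("doubled-systemroot")   # malformed image path
        if "\\temp\\" in p:
            e.flags.append("temp-image-path")      # service image in a temp folder
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print(f"{e.name:<18} {state}/{e.start:<8} {', '.join(e.flags)}")
        print(f"    display: {e.display}")
        print(f"    path:    {e.path}")
```

`file-missing` alone does not distinguish a leftover service key from a file that is being hidden from the scanner, so flagged entries are candidates for a rootkit scan, not for blind deletion.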


#3 nasdaq

  • Malware Response Team

Posted 26 February 2012 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Is this process from SuperAntiSpyware or some malware?
C:\Program Files\SUPERAntiSpyware\1038ea9f-ba33-4ff5-9a7c-e9d8d4dea043.com
If not sure please stop the process using the Task Manager.


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#4 T_Thomas


Posted 27 February 2012 - 08:44 AM

Hello nasdaq,

Thank you for assisting.

The process C:\Program Files\SUPERAntiSpyware\1038ea9f-ba33-4ff5-9a7c-e9d8d4dea043.com
is not currently running on the machine.

If you will refer back to my previous post, you will see that it is also absent from the more recent DDS Scan.



TDSSKiller is clean:


08:00:31.0343 3696 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
08:00:31.0718 3696 ============================================================
08:00:31.0718 3696 Current date / time: 2012/02/27 08:00:31.0718
08:00:31.0718 3696 SystemInfo:
08:00:31.0718 3696
08:00:31.0718 3696 OS Version: 5.1.2600 ServicePack: 3.0
08:00:31.0718 3696 Product type: Workstation
08:00:31.0718 3696 ComputerName: SABRINA
08:00:31.0718 3696 UserName: **********
08:00:31.0718 3696 Windows directory: C:\WINDOWS
08:00:31.0718 3696 System windows directory: C:\WINDOWS
08:00:31.0718 3696 Processor architecture: Intel x86
08:00:31.0718 3696 Number of processors: 1
08:00:31.0718 3696 Page size: 0x1000
08:00:31.0718 3696 Boot type: Normal boot
08:00:31.0718 3696 ============================================================
08:00:33.0343 3696 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:00:33.0343 3696 \Device\Harddisk0\DR0:
08:00:33.0343 3696 MBR used
08:00:33.0343 3696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A6DA7A
08:00:33.0390 3696 Initialize success
08:00:33.0390 3696 ============================================================
08:01:24.0250 1268 ============================================================
08:01:24.0250 1268 Scan started
08:01:24.0250 1268 Mode: Manual;
08:01:24.0250 1268 ============================================================
08:01:30.0812 1268 i2omp - ok
08:01:30.0890 1268 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:01:30.0890 1268 i8042prt - ok
08:01:30.0968 1268 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
08:01:30.0968 1268 i81x - ok
08:01:31.0046 1268 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
08:01:31.0046 1268 iAimFP0 - ok
08:01:31.0125 1268 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
08:01:31.0125 1268 iAimFP1 - ok
08:01:31.0218 1268 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
08:01:31.0218 1268 iAimFP2 - ok
08:01:31.0296 1268 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
08:01:31.0296 1268 iAimFP3 - ok
08:01:31.0375 1268 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
08:01:31.0375 1268 iAimFP4 - ok
08:01:31.0484 1268 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
08:01:31.0484 1268 iAimTV0 - ok
08:01:31.0562 1268 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
08:01:31.0562 1268 iAimTV1 - ok
08:01:31.0625 1268 iAimTV2 - ok
08:01:31.0687 1268 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
08:01:31.0687 1268 iAimTV3 - ok
08:01:31.0796 1268 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
08:01:31.0796 1268 iAimTV4 - ok
08:01:31.0890 1268 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:01:31.0890 1268 Imapi - ok
08:01:31.0968 1268 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
08:01:31.0968 1268 ini910u - ok
08:01:32.0062 1268 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
08:01:32.0062 1268 IntelIde - ok
08:01:32.0156 1268 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:01:32.0156 1268 intelppm - ok
08:01:32.0218 1268 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:01:32.0218 1268 ip6fw - ok
08:01:32.0281 1268 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:01:32.0281 1268 IpFilterDriver - ok
08:01:32.0359 1268 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:01:32.0359 1268 IpInIp - ok
08:01:32.0453 1268 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:01:32.0453 1268 IpNat - ok
08:01:32.0546 1268 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:01:32.0546 1268 IPSec - ok
08:01:32.0625 1268 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:01:32.0625 1268 IRENUM - ok
08:01:32.0703 1268 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:01:32.0703 1268 isapnp - ok
08:01:32.0781 1268 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:01:32.0781 1268 Kbdclass - ok
08:01:32.0859 1268 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:01:32.0859 1268 kmixer - ok
08:01:32.0953 1268 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:01:32.0953 1268 KSecDD - ok
08:01:33.0031 1268 Lbd - ok
08:01:33.0062 1268 lbrtfdc - ok
08:01:33.0156 1268 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
08:01:33.0156 1268 mmc_2K - ok
08:01:33.0250 1268 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:01:33.0250 1268 mnmdd - ok
08:01:33.0328 1268 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:01:33.0328 1268 Modem - ok
08:01:33.0390 1268 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
08:01:33.0390 1268 MODEMCSA - ok
08:01:33.0468 1268 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:01:33.0468 1268 Mouclass - ok
08:01:33.0578 1268 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:01:33.0578 1268 MountMgr - ok
08:01:33.0640 1268 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
08:01:33.0640 1268 mraid35x - ok
08:01:33.0734 1268 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:01:33.0734 1268 MRxDAV - ok
08:01:33.0843 1268 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:01:33.0859 1268 MRxSmb - ok
08:01:33.0984 1268 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:01:33.0984 1268 Msfs - ok
08:01:34.0078 1268 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:01:34.0078 1268 MSKSSRV - ok
08:01:34.0156 1268 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:01:34.0156 1268 MSPCLOCK - ok
08:01:34.0218 1268 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:01:34.0218 1268 MSPQM - ok
08:01:34.0296 1268 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:01:34.0296 1268 mssmbios - ok
08:01:34.0375 1268 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:01:34.0375 1268 Mup - ok
08:01:34.0453 1268 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:01:34.0453 1268 NDIS - ok
08:01:34.0593 1268 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:01:34.0609 1268 NdisTapi - ok
08:01:34.0671 1268 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:01:34.0671 1268 Ndisuio - ok
08:01:34.0750 1268 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:01:34.0750 1268 NdisWan - ok
08:01:34.0859 1268 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:01:34.0859 1268 NDProxy - ok
08:01:34.0921 1268 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:01:34.0921 1268 NetBIOS - ok
08:01:35.0031 1268 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:01:35.0046 1268 NetBT - ok
08:01:35.0171 1268 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:01:35.0171 1268 Npfs - ok
08:01:35.0265 1268 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:01:35.0281 1268 Ntfs - ok
08:01:35.0406 1268 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:01:35.0406 1268 Null - ok
08:01:35.0531 1268 nv (225e98ae20ac0a37ee2ab89a1596b0c1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:01:35.0546 1268 nv - ok
08:01:35.0656 1268 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:01:35.0656 1268 NwlnkFlt - ok
08:01:35.0734 1268 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:01:35.0734 1268 NwlnkFwd - ok
08:01:35.0828 1268 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
08:01:35.0828 1268 omci - ok
08:01:35.0921 1268 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
08:01:35.0937 1268 P3 - ok
08:01:36.0000 1268 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:01:36.0000 1268 Parport - ok
08:01:36.0078 1268 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:01:36.0078 1268 PartMgr - ok
08:01:36.0140 1268 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:01:36.0140 1268 ParVdm - ok
08:01:36.0218 1268 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:01:36.0218 1268 PCI - ok
08:01:36.0265 1268 PCIDump - ok
08:01:36.0343 1268 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:01:36.0343 1268 PCIIde - ok
08:01:36.0453 1268 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:01:36.0468 1268 Pcmcia - ok
08:01:36.0562 1268 PDCOMP - ok
08:01:36.0609 1268 PDFRAME - ok
08:01:36.0640 1268 PDRELI - ok
08:01:36.0671 1268 PDRFRAME - ok
08:01:36.0718 1268 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
08:01:36.0734 1268 perc2 - ok
08:01:36.0796 1268 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
08:01:36.0796 1268 perc2hib - ok
08:01:36.0906 1268 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
08:01:36.0906 1268 pfc - ok
08:01:36.0984 1268 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:01:36.0984 1268 PptpMiniport - ok
08:01:37.0078 1268 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:01:37.0078 1268 Processor - ok
08:01:37.0156 1268 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:01:37.0156 1268 PSched - ok
08:01:37.0218 1268 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:01:37.0218 1268 Ptilink - ok
08:01:37.0312 1268 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
08:01:37.0312 1268 pwd_2k - ok
08:01:37.0375 1268 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
08:01:37.0375 1268 ql1080 - ok
08:01:37.0468 1268 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
08:01:37.0468 1268 Ql10wnt - ok
08:01:37.0546 1268 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
08:01:37.0546 1268 ql12160 - ok
08:01:37.0625 1268 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
08:01:37.0625 1268 ql1240 - ok
08:01:37.0703 1268 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
08:01:37.0703 1268 ql1280 - ok
08:01:37.0781 1268 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:01:37.0781 1268 RasAcd - ok
08:01:37.0875 1268 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:01:37.0875 1268 Rasl2tp - ok
08:01:37.0953 1268 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:01:37.0953 1268 RasPppoe - ok
08:01:38.0015 1268 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:01:38.0015 1268 Raspti - ok
08:01:38.0109 1268 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:01:38.0109 1268 Rdbss - ok
08:01:38.0187 1268 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:01:38.0187 1268 RDPCDD - ok
08:01:38.0281 1268 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:01:38.0296 1268 rdpdr - ok
08:01:38.0406 1268 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:01:38.0406 1268 RDPWD - ok
08:01:38.0531 1268 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:01:38.0531 1268 redbook - ok
08:01:38.0671 1268 RegFilter (2ca761ce3abb7bbbb9c5519b2fb54f5e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
08:01:38.0671 1268 RegFilter - ok
08:01:38.0781 1268 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:01:38.0781 1268 SASDIFSV - ok
08:01:38.0796 1268 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:01:38.0796 1268 SASKUTIL - ok
08:01:38.0937 1268 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:01:38.0937 1268 Secdrv - ok
08:01:39.0031 1268 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:01:39.0031 1268 serenum - ok
08:01:39.0109 1268 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:01:39.0109 1268 Serial - ok
08:01:39.0203 1268 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:01:39.0203 1268 Sfloppy - ok
08:01:39.0250 1268 Simbad - ok
08:01:39.0312 1268 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
08:01:39.0328 1268 sisagp - ok
08:01:39.0437 1268 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
08:01:39.0453 1268 smwdm - ok
08:01:39.0593 1268 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
08:01:39.0593 1268 Sparrow - ok
08:01:39.0671 1268 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:01:39.0671 1268 splitter - ok
08:01:39.0781 1268 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
08:01:39.0781 1268 sptd - ok
08:01:39.0906 1268 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:01:39.0921 1268 sr - ok
08:01:40.0031 1268 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:01:40.0031 1268 Srv - ok
08:01:40.0171 1268 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
08:01:40.0171 1268 ssmdrv - ok
08:01:40.0265 1268 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:01:40.0265 1268 swenum - ok
08:01:40.0343 1268 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:01:40.0343 1268 swmidi - ok
08:01:40.0421 1268 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
08:01:40.0421 1268 symc810 - ok
08:01:40.0515 1268 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
08:01:40.0515 1268 symc8xx - ok
08:01:40.0593 1268 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
08:01:40.0593 1268 sym_hi - ok
08:01:40.0656 1268 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
08:01:40.0656 1268 sym_u3 - ok
08:01:40.0750 1268 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:01:40.0750 1268 sysaudio - ok
08:01:40.0875 1268 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:01:40.0875 1268 Tcpip - ok
08:01:41.0015 1268 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:01:41.0015 1268 TDPIPE - ok
08:01:41.0078 1268 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:01:41.0093 1268 TDTCP - ok
08:01:41.0171 1268 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:01:41.0171 1268 TermDD - ok
08:01:41.0250 1268 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
08:01:41.0250 1268 TosIde - ok
08:01:41.0343 1268 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
08:01:41.0343 1268 UdfReadr_xp - ok
08:01:41.0453 1268 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:01:41.0453 1268 Udfs - ok
08:01:41.0531 1268 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
08:01:41.0531 1268 ultra - ok
08:01:41.0625 1268 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:01:41.0640 1268 Update - ok
08:01:41.0781 1268 UrlFilter (62551ba687f1d0f582810cfa37384bb0) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
08:01:41.0781 1268 UrlFilter - ok
08:01:41.0890 1268 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:01:41.0890 1268 usbehci - ok
08:01:41.0968 1268 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:01:41.0968 1268 usbhub - ok
08:01:42.0031 1268 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:01:42.0046 1268 USBSTOR - ok
08:01:42.0109 1268 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:01:42.0109 1268 usbuhci - ok
08:01:42.0187 1268 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:01:42.0187 1268 VgaSave - ok
08:01:42.0281 1268 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
08:01:42.0281 1268 viaagp - ok
08:01:42.0375 1268 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
08:01:42.0375 1268 ViaIde - ok
08:01:42.0453 1268 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:01:42.0453 1268 VolSnap - ok
08:01:42.0562 1268 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:01:42.0562 1268 Wanarp - ok
08:01:42.0640 1268 WDICA - ok
08:01:42.0703 1268 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:01:42.0703 1268 wdmaud - ok
08:01:42.0812 1268 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:01:42.0984 1268 \Device\Harddisk0\DR0 - ok
08:01:42.0984 1268 Boot (0x1200) (e5f5de8acc4bbf2ef7bb1db40611eb42) \Device\Harddisk0\DR0\Partition0
08:01:43.0000 1268 \Device\Harddisk0\DR0\Partition0 - ok
08:01:43.0000 1268 ============================================================
08:01:43.0000 1268 Scan finished
08:01:43.0000 1268 ============================================================
08:01:43.0015 1596 Detected object count: 0
08:01:43.0015 1596 Actual detected object count: 0





aswMBR Log:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 08:03:58
-----------------------------
08:03:58.968 OS Version: Windows 5.1.2600 Service Pack 3
08:03:58.968 Number of processors: 1 586 0x207
08:03:58.968 ComputerName: ********** UserName:
08:03:59.468 Initialize success
08:04:44.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:04:44.718 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
08:04:44.750 Disk 0 MBR read successfully
08:04:44.750 Disk 0 MBR scan
08:04:44.750 Disk 0 Windows XP default MBR code
08:04:44.750 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
08:04:44.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38107 MB offset 64260
08:04:44.765 Disk 0 scanning sectors +78108030
08:04:44.843 Disk 0 scanning C:\WINDOWS\system32\drivers
08:04:55.546 Service scanning
08:05:09.671 Modules scanning
08:05:16.296 Disk 0 trace - called modules:
08:05:16.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:05:16.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8973bab8]
08:05:16.328 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8974ad98]
08:05:16.328 Scan finished successfully
08:06:09.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\**********\Desktop\MBR.dat"
08:06:09.453 The log file has been saved successfully to "C:\Documents and Settings\**********\Desktop\aswMBR_2012-02-27.txt"





The attachment MBR.dat file was renamed because I was not allowed to upload *.dat files.

#5 nasdaq

  • Malware Response Team

Posted 27 February 2012 - 09:47 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

#6 T_Thomas

Posted 27 February 2012 - 09:53 AM

Do you see something which suggests that there is still a problem?

I ask because it is inconvenient for me to get access to this machine during business hours.
It can be done in an emergency, but it is disruptive.

Is the ComboFix just preventative, or urgent?

If not urgent, I will wait until later this afternoon to run the scans...

#7 nasdaq

Posted 27 February 2012 - 11:34 AM

No urgency, do it when you can.

#8 nasdaq

Posted 04 March 2012 - 10:56 AM

Are you still with me?

#9 T_Thomas

Posted 05 March 2012 - 10:11 AM

Yes, sorry for the delay.
I will attempt to run ComboFix sometime today and post logs.

#10 T_Thomas

Posted 09 March 2012 - 03:32 PM

ComboFix 12-03-09.05 - ********** 03/09/2012 15:16:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.802 [GMT -5:00]
Running from: c:\documents and settings\**********\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00DB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00EC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804E5358-FFA4-00FD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8978D7A8-FFA4-00EC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EC-0D24-347CA8A3377C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\**********\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\AF101dat.dll
c:\windows\system32\AF120dat.dll
c:\windows\system32\AF180DAT.dll
c:\windows\system32\AF223DAT.dll
c:\windows\system32\af320dat.dll
c:\windows\system32\AF557DAT.dll
c:\windows\system32\AF800DAT.dll
c:\windows\system32\AF857DAT.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\rnaph.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-02-21 15:10 . 2012-02-21 15:10 -------- d-----w- c:\documents and settings\**********\Local Settings\Application Data\Temp
2012-02-21 13:49 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-21 13:49 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-21 12:19 . 2012-02-21 12:19 -------- d-----w- c:\program files\Common Files\Java
2012-02-21 12:18 . 2012-02-21 12:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-21 12:18 . 2012-02-21 12:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-21 12:18 . 2012-02-21 12:18 -------- d-----w- c:\program files\Java
2012-02-21 12:17 . 2012-02-21 12:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-20 19:37 . 2012-02-20 19:37 -------- d-----w- c:\documents and settings\OaksUnlimited
2012-02-20 19:23 . 2012-02-20 19:23 -------- d-----w- c:\documents and settings\**********\Application Data\Avira
2012-02-20 19:21 . 2012-02-20 22:19 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-20 19:21 . 2011-09-16 04:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-20 19:21 . 2011-09-16 04:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-20 19:21 . 2012-02-20 19:21 -------- d-----w- c:\program files\Avira
2012-02-20 19:21 . 2012-02-20 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-02-20 19:18 . 2012-02-20 19:28 -------- d-----w- c:\documents and settings\**********\Application Data\IObit
2012-02-20 19:05 . 2012-02-20 19:05 -------- d-----w- c:\program files\Common Files\Spigot
2012-02-20 18:07 . 2012-02-20 18:09 -------- d-----w- c:\documents and settings\Administrator.**********
2012-02-20 17:54 . 2012-02-20 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\529C535701377E010003E1F6D151FC84
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 18:31 . 2011-05-13 12:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2002-08-29 10:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 12:52 . 2011-12-22 12:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-17 19:46 . 2006-04-28 14:58 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-12-22 16:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 6 (0x6)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-22 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-14 23:22 28672 ----a-r- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"HPDJ Taskbar Utility"=c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe
"BCMSMMSG"=BCMSMMSG.exe
"<NO NAME>"=
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" /autostart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Peach\\V1500\\PeachUpdx15.exe"=
"c:\\Program Files\\Sage Software\\Integration Services\\bin\\AIS2.Server.Console.exe"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [2/20/2012 2:21 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 12:54 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/20/2012 2:21 PM 86224]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [12/22/2011 7:47 AM 821592]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [6/6/2008 12:03 PM 435496]
S0 5b316656b5922ac5;KB00261892.exe;\SystemRoot\\SystemRoot\System32\Drivers\5b316656b5922ac5.sys --> \SystemRoot\\SystemRoot\System32\Drivers\5b316656b5922ac5.sys [?]
S0 ee1c3f3d487d15b7;KB00261892.exe;\SystemRoot\\SystemRoot\System32\Drivers\ee1c3f3d487d15b7.sys --> \SystemRoot\\SystemRoot\System32\Drivers\ee1c3f3d487d15b7.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [12/29/2010 6:06 PM 691696]
S3 ILWGLHU;ILWGLHU;c:\docume~1\OAKSUN~1.SAB\LOCALS~1\Temp\ILWGLHU.exe --> c:\docume~1\OAKSUN~1.SAB\LOCALS~1\Temp\ILWGLHU.exe [?]
S3 OFAJIJQPNMZ;OFAJIJQPNMZ;c:\docume~1\ADMINI~1.SAB\LOCALS~1\Temp\OFAJIJQPNMZ.exe --> c:\docume~1\ADMINI~1.SAB\LOCALS~1\Temp\OFAJIJQPNMZ.exe [?]
S3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\program files\Peachtree2011\SmartPostingService2011.exe [9/13/2010 6:55 PM 43848]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [2/20/2012 2:04 PM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [2/20/2012 2:04 PM 16208]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [2/20/2012 2:04 PM 246816]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: web-access.com\www.rbccentura
TCP: DhcpNameServer = 192.168.0.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-09 15:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3007800785-313467718-2400134143-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-03-09 15:25:34
ComboFix-quarantined-files.txt 2012-03-09 20:25
.
Pre-Run: 23,642,910,720 bytes free
Post-Run: 23,809,871,872 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 05B77DE9DF92F110C54834244B8B6B23

#11 nasdaq

  • Malware Response Team

Posted 11 March 2012 - 09:36 AM

Sorry for this long delay. I lost my internet all day yesterday and just got it back.

The ComboFix log is clean.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problem persists.

#12 T_Thomas

  • Topic Starter

Posted 12 March 2012 - 11:06 AM

...Let me know what problem persists.


No problem at all on the delay - long past the critical stage of this exorcism.

Will run this later and get back to you.

Thanks

#13 T_Thomas

  • Topic Starter

Posted 14 March 2012 - 06:23 AM

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware
HijackThis 2.0.2
CCleaner
Java Web Start
Java™ 6 Update 31
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
IObit IObit Malware Fighter IMFsrv.exe
``````````End of Log````````````

#14 nasdaq

  • Malware Response Team

Posted 14 March 2012 - 09:19 AM

Your log is clean.

I would remove the HijackThis 2.0.2 using the Add/Remove Programs list.
The DDS tool is now requested by most forums. It gives us more information on your system.
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#15 T_Thomas

  • Topic Starter

Posted 14 March 2012 - 09:48 AM

OK, will do.

And - Thanks very much for your help.

Is there some rating or review process to give you credit for the assistance?



