CPU usage is all over the place


  • This topic is locked
19 replies to this topic

#1 atomic1225

atomic1225

  • Members
  • 9 posts

Posted 22 February 2012 - 01:26 PM

When I open Task Manager the CPU usage is all over the place. We normally only browse the internet with Firefox. I made a bunch of the recommended changes to the browser and settings that were recommended in the forum. I've used AVG, Avast, Spybot and MBAM and I don't find anything. Am I crazy or ??

Attached File: hijackthis.log (9.58KB)


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 February 2012 - 01:52 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything else while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.


This may or may not be malware related, but I will go through the computer to at least rule out malware.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 atomic1225

atomic1225
  • Topic Starter

  • Members
  • 9 posts

Posted 25 February 2012 - 10:58 AM

Hello and thank you first... Just the same symptoms of high, erratic CPU and Firefox not shutting down properly... here's the log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Compaq_Owner at 9:48:56 on 2012-02-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.589 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{FF2E8FCC-8118-45E6-8E81-DC211EC273DF} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\zu170txh.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\zu170txh.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\zu170txh.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\zu170txh.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\zu170txh.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\zu170txh.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\zu170txh.default\extensions\avg@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2010-3-22 38656]
.
=============== Created Last 30 ================
.
2012-02-22 02:16:55 14664 ----a-w- c:\windows\stinger.sys
2012-02-22 02:15:12 -------- d-----w- c:\program files\stinger
2012-02-15 10:05:52 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 10:05:52 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-05 20:38:21 -------- d-----w- c:\program files\eMusic Download Manager
2012-02-03 22:33:56 16116696 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-01-28 23:36:38 -------- d-----w- C:\Courageous
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 01:46:49 13824 ----a-w- c:\windows\system32\wscntfy.exe
2012-01-12 00:30:16 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-12-19 08:53:33 667136 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53:33 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-16 13:16:31 369664 ----a-w- c:\windows\system32\html.iec
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 9:51:01.85 ===============
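The DDS report above lists the autostart points, browser add-ons, hosts overrides and Firefox preferences that a helper normally reads by eye. The Python below is an added example from the editor, not part of the thread and not part of the DDS tool: it runs a few triage heuristics over a handful of lines copied from that report (embedded as a constructed sample) and flags the kinds of entries that usually merit a second look: registry entries whose file is gone ("No File" orphans), Run entries that launch a bare filename or hand rundll32 a DLL without a full path, hosts-file overrides, IE Trusted Zone additions, and Firefox prefs that disable security warnings or route traffic through a proxy or WPAD. The categories and the choice of prefs are the editor's assumptions; a flag is a prompt to verify on the machine, not a verdict of infection.

```python
"""Triage a DDS 'Pseudo HJT Report' / Firefox section for entries worth a second look.

Added example (editor's own code, not DDS or the forum helper's method). The
heuristics are assumptions about what deserves review, not an infection verdict:
every flagged line still has to be checked against the machine itself.
"""
from __future__ import annotations

import re
import shlex
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the DDS log posted above.
SAMPLE_REPORT = r"""
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
Trusted Zone: att.net
Trusted Zone: yahoo.com
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

AUTORUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$", re.I)
NOFILE_RE = re.compile(r"-\s*No File\s*$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)", re.I)
TRUSTED_RE = re.compile(r"^Trusted Zone:\s+(?P<domain>\S+)", re.I)
FFPREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<key>\S+) - (?P<val>.+)$")
# A drive letter, a UNC prefix or an environment variable counts as a fully qualified path.
QUALIFIED_RE = re.compile(r"^(?:[a-z]:\\|\\\\|%[^%]+%)", re.I)

# Firefox prefs whose value weakens the browser's defaults (editor's assumption of what to flag).
RISKY_FF_PREFS = {
    # 0 = direct connection; 1/2/4 route traffic through a manual proxy, a PAC file or WPAD auto-detect
    "network.proxy.type": lambda v: v.strip() in {"1", "2", "4"},
    "security.warn_viewing_mixed": lambda v: v.strip() == "false",
    "security.warn_submit_insecure": lambda v: v.strip() == "false",
}


@dataclass
class Finding:
    category: str
    line: str
    note: str


def launched_image(cmd: str) -> str:
    """Return the file a Run entry really loads: the exe, or the DLL handed to rundll32."""
    tokens = shlex.split(cmd, posix=False)  # posix=False keeps Windows backslashes intact
    exe = tokens[0].strip('"')
    base = exe.rsplit("\\", 1)[-1].lower()
    if base in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].strip('"').split(",", 1)[0]  # "<dll>,<entrypoint>" -> dll
    return exe


def is_qualified(path: str) -> bool:
    return bool(QUALIFIED_RE.match(path))


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if NOFILE_RE.search(line):
            findings.append(Finding("orphan", line,
                "registry entry points at a file that is gone; a harmless leftover, but clean it up"))
            continue
        if m := AUTORUN_RE.match(line):
            image = launched_image(m.group("cmd"))
            if not is_qualified(image):
                findings.append(Finding("unqualified-autorun", line,
                    f"{image!r} is resolved via the search path, so a planted copy found first would run instead"))
            continue
        if m := HOSTS_RE.match(line):
            findings.append(Finding("hosts-override", line,
                f"{m.group('host')} is pinned to {m.group('ip')}; confirm who added it"))
            continue
        if m := TRUSTED_RE.match(line):
            findings.append(Finding("trusted-zone", line,
                f"{m.group('domain')} runs with IE's relaxed Trusted sites settings"))
            continue
        if m := FFPREF_RE.match(line):
            check = RISKY_FF_PREFS.get(m.group("key"))
            if check and check(m.group("val")):
                findings.append(Finding("firefox-pref", line,
                    f"{m.group('key')} = {m.group('val').strip()} weakens Firefox's defaults"))
    return findings


def counts(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.category}] {f.line}\n    {f.note}")
```

Run against the sample, the script flags the two "No File" toolbar GUIDs and the empty URLSearchHook as orphans, the `nwiz.exe` and `P17.dll` Run entries as search-path loads, the single hosts entry, both Trusted Zone domains, and three Firefox prefs (proxy auto-detect plus the two disabled mixed-content warnings). The signed, fully qualified entries such as ctfmon.exe, NvCpl.dll and iTunesHelper.exe produce nothing, which is the point: the output is a short review list, not the whole report.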

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 February 2012 - 01:48 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 atomic1225

atomic1225
  • Topic Starter

  • Members
  • 9 posts

Posted 25 February 2012 - 09:39 PM

Combofix insisted that AVG was running but I had previously uninstalled it...



LOG:

ComboFix 12-02-25.02 - Compaq_Owner 02/25/2012 17:08:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.623 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Administrator\WINDOWS
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Compaq_Owner\WINDOWS
C:\Documents and Settings\Default User\WINDOWS
C:\Program Files\CouponAlert_2pEI
C:\Program Files\RegGenie
C:\Program Files\RegGenie\Backups\40922.7569645139
C:\Program Files\RegGenie\RegGenie.ini
C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
C:\WINDOWS\jestertb.dll
C:\WINDOWS\RegGenieOnUninstall.exe
C:\WINDOWS\settings.reg
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\0a0231392a4bede3.fb
C:\WINDOWS\system32\Cache\272512937d9e61a4.fb
C:\WINDOWS\system32\Cache\287204568329e189.fb
C:\WINDOWS\system32\Cache\28bc8f716fd76a47.fb
C:\WINDOWS\system32\Cache\2c53092c95605355.fb
C:\WINDOWS\system32\Cache\3917078cb68ec657.fb
C:\WINDOWS\system32\Cache\487a7f1cdd4dc489.fb
C:\WINDOWS\system32\Cache\590ba23ce359fd0c.fb
C:\WINDOWS\system32\Cache\610289e025a3ee9a.fb
C:\WINDOWS\system32\Cache\651c5d3cdbfb8bd1.fb
C:\WINDOWS\system32\Cache\6c59ac5e7e7a3ad0.fb
C:\WINDOWS\system32\Cache\ad10a52aff5e038d.fb
C:\WINDOWS\system32\Cache\c4d28dca2e7648be.fb
C:\WINDOWS\system32\Cache\d201ef9910cd39de.fb
C:\WINDOWS\system32\Cache\d2e94710a5708128.fb
C:\WINDOWS\system32\Cache\d79b9dfe81484ec4.fb
C:\WINDOWS\system32\Cache\e0de16f883bea794.fb
C:\WINDOWS\system32\config\systemprofile\WINDOWS
C:\WINDOWS\system32\ps2.bat
C:\WINDOWS\system32\SET38C.tmp
C:\WINDOWS\system32\SET391.tmp
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))


2012-02-22 02:16:55 . 2012-02-22 02:18:07 14664 ----a-w- C:\WINDOWS\stinger.sys
2012-02-22 02:15:12 . 2012-02-22 02:33:01 -------- d-----w- C:\Program Files\stinger
2012-02-15 10:05:52 . 2012-01-11 19:06:47 3072 ------w- C:\WINDOWS\system32\iacenc.dll
2012-02-15 10:05:52 . 2012-01-11 19:06:47 3072 ------w- C:\WINDOWS\system32\dllcache\iacenc.dll
2012-02-05 20:38:21 . 2012-02-06 04:44:57 -------- d-----w- C:\Program Files\eMusic Download Manager
2012-02-03 22:33:56 . 2012-02-21 02:11:23 16116696 ----a-w- C:\Program Files\Mozilla Firefox\xul.dll
2012-01-29 23:20:03 . 2012-01-29 23:20:03 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache
2012-01-28 23:36:38 . 2012-01-29 02:49:18 -------- d-----w- C:\Courageous
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-12 16:53:24 . 2004-08-04 12:00:00 1859968 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-01-12 01:46:49 . 2004-08-04 12:00:00 13824 ----a-w- C:\WINDOWS\system32\wscntfy.exe
2012-01-12 00:30:16 . 2012-01-12 00:30:16 917504 ----a-w- C:\WINDOWS\system32\FLASH.OCX
2011-12-19 08:53:33 . 2004-08-04 12:00:00 667136 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-12-19 08:53:33 . 2004-08-04 12:00:00 61952 ----a-w- C:\WINDOWS\system32\tdc.ocx
2011-12-19 08:53:32 . 2012-01-19 01:04:05 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
2011-12-16 13:16:31 . 2004-08-04 12:00:00 369664 ----a-w- C:\WINDOWS\system32\html.iec
2011-12-10 21:24:06 . 2010-07-14 23:28:30 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-02-21 02:12:30 . 2012-02-03 22:34:43 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 06:34:02 245760]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-10 20:30:27 7557120]
"nwiz"="nwiz.exe" [2006-03-10 20:30:29 1519616]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-10 20:30:28 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-10 08:41:00 180269]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 15:51:52 57344]
"P17Helper"="P17.dll" [2005-05-03 11:38:42 64512]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 06:00:00 90112]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 06:52:06 59240]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 05:25:58 59240]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 18:13:50 49208]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-01-16 23:22:12 421736]
"Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 20:12:28 439568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KGShareApp]
2011-09-22 18:27:46 394752 ----a-w- C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 esgiguard;esgiguard;\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys --> C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 SQTECH9052;Disney Micro;C:\WINDOWS\system32\drivers\Capt9052.sys [3/22/2010 3:54:23 PM 38656]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2012-02-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50:20 . 2011-06-01 22:57:16]

2012-02-23 C:\WINDOWS\Tasks\At1.job
- C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25 22:13:56 . 2011-05-25 22:13:56]

2012-02-23 C:\WINDOWS\Tasks\At2.job
- C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25 22:13:56 . 2011-05-25 22:13:56]

2012-02-23 C:\WINDOWS\Tasks\At3.job
- C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25 22:13:56 . 2011-05-25 22:13:56]

2012-02-25 C:\WINDOWS\Tasks\At4.job
- C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25 22:13:56 . 2011-05-25 22:13:56]

2012-02-25 C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-11-02 20:53:10 . 2011-11-02 20:53:10]

2012-02-25 C:\WINDOWS\Tasks\HP Photo Creations Messager.job
- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-11-02 20:53:10 . 2011-11-02 20:53:10]

Supplementary scan did not complete!

- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-BJCFD - C:\Program Files\BroadJump\Client Foundation\CFD.exe

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 February 2012 - 09:58 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 atomic1225

atomic1225
  • Topic Starter

  • Members
  • 9 posts

Posted 26 February 2012 - 12:16 PM

My computer seems to be getting stuck at the black Windows XP screen when I restart it...

Here are the logs:

TDSSKiller:

21:06:11.0578 1304 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
21:06:12.0046 1304 ============================================================
21:06:12.0046 1304 Current date / time: 2012/02/25 21:06:12.0046
21:06:12.0046 1304 SystemInfo:
21:06:12.0046 1304
21:06:12.0046 1304 OS Version: 5.1.2600 ServicePack: 3.0
21:06:12.0046 1304 Product type: Workstation
21:06:12.0046 1304 ComputerName: BURNETT
21:06:12.0046 1304 UserName: Compaq_Owner
21:06:12.0046 1304 Windows directory: C:\WINDOWS
21:06:12.0046 1304 System windows directory: C:\WINDOWS
21:06:12.0046 1304 Processor architecture: Intel x86
21:06:12.0046 1304 Number of processors: 1
21:06:12.0046 1304 Page size: 0x1000
21:06:12.0046 1304 Boot type: Normal boot
21:06:12.0046 1304 ============================================================
21:06:14.0984 1304 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:06:15.0062 1304 \Device\Harddisk0\DR0:
21:06:15.0062 1304 MBR used
21:06:15.0062 1304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xD05C93
21:06:15.0062 1304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD05CD2, BlocksNum 0x11D0EF2E
21:06:15.0125 1304 Initialize success
21:06:15.0125 1304 ============================================================
21:06:58.0500 0596 ============================================================
21:06:58.0500 0596 Scan started
21:06:58.0500 0596 Mode: Manual;
21:06:58.0500 0596 ============================================================
21:09:53.0609 0596 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
21:09:53.0656 0596 \Device\Harddisk0\DR0 - ok
21:09:53.0671 0596 Boot (0x1200) (140c05c0ad02af0decf69695245e9513) \Device\Harddisk0\DR0\Partition0
21:09:53.0671 0596 \Device\Harddisk0\DR0\Partition0 - ok
21:09:53.0687 0596 Boot (0x1200) (ec2d21e0e3abe886d96949665fd70ef1) \Device\Harddisk0\DR0\Partition1
21:09:53.0687 0596 \Device\Harddisk0\DR0\Partition1 - ok
21:09:53.0687 0596 ============================================================
21:09:53.0687 0596 Scan finished
21:09:53.0687 0596 ============================================================
21:09:53.0703 0176 Detected object count: 0
21:09:53.0703 0176 Actual detected object count: 0
21:12:40.0328 1620 Deinitialize success

aswMBR :

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 09:53:22
-----------------------------
09:53:22.312 OS Version: Windows 5.1.2600 Service Pack 3
09:53:22.312 Number of processors: 1 586 0x2F02
09:53:22.312 ComputerName: BURNETT UserName:
09:53:27.265 Initialize success
09:54:37.359 AVAST engine defs: 12022502
09:54:49.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:54:49.062 Disk 0 Vendor: ST3160023AS 3.43 Size: 152627MB BusType: 3
09:54:49.093 Disk 0 MBR read successfully
09:54:49.093 Disk 0 MBR scan
09:54:49.234 Disk 0 unknown MBR code
09:54:49.234 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6667 MB offset 63
09:54:49.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145949 MB offset 13655250
09:54:49.296 Disk 0 scanning sectors +312560640
09:54:49.500 Disk 0 scanning C:\WINDOWS\system32\drivers
09:55:46.109 Service scanning
09:56:53.750 Modules scanning
09:57:33.093 Disk 0 trace - called modules:
09:57:33.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
09:57:33.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f4cab8]
09:57:33.609 3 CLASSPNP.SYS[f7530fd7] -> nt!IofCallDriver -> \Device\00000060[0x86f8c250]
09:57:33.609 5 ACPI.sys[f73a7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f4bd98]
09:57:37.859 AVAST engine scan C:\WINDOWS
09:57:58.109 AVAST engine scan C:\WINDOWS\system32
10:13:10.765 AVAST engine scan C:\WINDOWS\system32\drivers
10:14:07.796 AVAST engine scan C:\Documents and Settings\Compaq_Owner
10:40:31.625 AVAST engine scan C:\Documents and Settings\All Users
10:47:09.531 Scan finished successfully
10:53:27.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\Bleeping Computer\MBR.dat"
10:53:27.718 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\Bleeping Computer\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 February 2012 - 01:08 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

AtJob::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 atomic1225

atomic1225
  • Topic Starter

  • Members
  • 9 posts

Posted 26 February 2012 - 09:28 PM

ComboFix keeps stalling at the log creation part... not sure why?

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 February 2012 - 09:44 PM

Hello

Ok, let's try this. I want you to run the ComboFix script in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#11 atomic1225

atomic1225
  • Topic Starter

  • Members
  • 9 posts

Posted 27 February 2012 - 10:35 AM

ComboFix 12-02-25.02 - Administrator 02/27/2012 8:20.4.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.703 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-26 15:44 . 2012-02-26 15:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2012-02-22 02:16 . 2012-02-22 02:18 14664 ----a-w- c:\windows\stinger.sys
2012-02-22 02:15 . 2012-02-22 02:33 -------- d-----w- c:\program files\stinger
2012-02-15 10:05 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 10:05 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-05 20:38 . 2012-02-06 04:44 -------- d-----w- c:\program files\eMusic Download Manager
2012-01-29 23:20 . 2012-01-29 23:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-28 23:36 . 2012-01-29 02:49 -------- d-----w- C:\Courageous
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 01:46 . 2004-08-04 12:00 13824 ----a-w- c:\windows\system32\wscntfy.exe
2012-01-12 00:30 . 2012-01-12 00:30 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-12-19 08:53 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2012-01-19 01:04 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-16 13:16 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-12-10 21:24 . 2010-07-14 23:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 06:53 . 2012-02-27 13:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-25_23.31.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-26 15:44 . 2011-09-12 20:06 169590 c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-10 7557120]
"nwiz"="nwiz.exe" [2006-03-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-10 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-10 180269]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [3/22/2010 3:54 PM 38656]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-02-23 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25 22:13]
.
2012-02-26 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25 22:13]
.
2012-02-23 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25 22:13]
.
2012-02-25 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25 22:13]
.
2012-02-26 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-11-02 20:53]
.
2012-02-27 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-11-02 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f8pcrqo0.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Scooby-Doo™, Showdown in Ghost Town™ - c:\program files\The Learning Company\Scooby-Doo™
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 08:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-02-27 08:40:59
ComboFix-quarantined-files.txt 2012-02-27 14:40
.
Pre-Run: 72,165,814,272 bytes free
Post-Run: 72,145,125,376 bytes free
.
- - End Of File - - 5ECF1AF712F123D955C4249B32D90F55

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:46 PM

Posted 27 February 2012 - 01:09 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 atomic1225

atomic1225
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:46 PM

Posted 28 February 2012 - 08:40 AM

When I ran OTL, it started but then it froze at "scanning Firefox settings" for 2 hours before I terminated it...

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:46 PM

Posted 28 February 2012 - 09:01 AM

Hello

Was Firefox open?

Make sure it is closed and try in Safe Mode.


gringo

#15 atomic1225

atomic1225
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:46 PM

Posted 28 February 2012 - 01:40 PM

OTL logfile created on: 2/28/2012 12:18:24 PM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 793.63 Mb Available Physical Memory | 77.62% Memory free
2.41 Gb Paging File | 2.34 Gb Available in Paging File | 97.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.53 Gb Total Space | 67.19 Gb Free Space | 47.14% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.33% Space Free | Partition Type: FAT32
Drive J: | 383.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BURNETT | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found


========== Driver Services (SafeList) ==========

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SQTECH9052) -- C:\WINDOWS\system32\drivers\Capt9052.sys (Service & Quality Technology.)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2513367401-2949996391-2986643738-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-21-2513367401-2949996391-2986643738-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-21-2513367401-2949996391-2986643738-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/01/23 09:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/01/23 09:17:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/28 07:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 09:15:55 | 000,000,000 | ---D | M]

[2012/01/11 18:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/02/27 07:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/28 07:48:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/21 20:27:07 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/19 01:36:06 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/28 07:48:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/28 07:48:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/25 17:30:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-2513367401-2949996391-2986643738-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe File not found
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2513367401-2949996391-2986643738-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2513367401-2949996391-2986643738-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2513367401-2949996391-2986643738-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2513367401-2949996391-2986643738-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2E8FCC-8118-45E6-8E81-DC211EC273DF}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 23:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/07/31 13:15:00 | 000,827,392 | R--- | M] (Infogrames Interactive) - J:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/05/29 10:44:50 | 000,000,043 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 08:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/27 08:16:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/02/26 09:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HPQ
[2012/02/25 17:06:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/25 17:01:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/25 17:01:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/25 17:01:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/25 17:01:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/25 17:01:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/25 15:26:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/25 11:24:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/21 20:16:55 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/02/21 20:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/02/05 14:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMusic Download Manager
[2012/02/05 14:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\eMusic Download Manager
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 12:07:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/28 12:04:55 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/02/28 12:01:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/02/28 11:18:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2012/02/28 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/02/27 23:59:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/02/27 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/02/27 14:00:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/02/27 13:26:36 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/27 07:45:50 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/26 11:03:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/26 09:43:54 | 000,002,846 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Help and Support.lnk
[2012/02/25 17:30:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/21 20:18:07 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/02/20 20:08:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/18 10:41:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/18 08:55:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/18 08:54:32 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 03:36:01 | 000,446,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 03:36:01 | 000,073,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/01 22:05:26 | 386,684,927 | ---- | M] () -- C:\TRB-0N-NW1.1_DES.ISO
[2012/01/29 12:51:27 | 042,416,127 | ---- | M] () -- C:\COURAGEOUS.ISO
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 07:45:50 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/27 07:45:50 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/25 17:01:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/25 17:01:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/25 17:01:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/25 17:01:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/25 17:01:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/15 04:05:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 04:05:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/01 20:54:27 | 386,684,927 | ---- | C] () -- C:\TRB-0N-NW1.1_DES.ISO
[2012/01/21 08:34:03 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/01/21 08:34:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/12/30 13:06:33 | 000,015,070 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc
[2011/10/30 22:57:00 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/06/06 07:55:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/26 14:44:53 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/08 15:05:01 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/17 16:08:40 | 000,000,067 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2010/10/07 17:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/09/20 20:12:55 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2010/09/20 20:12:55 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/09/20 19:57:34 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2010/09/16 17:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/07/25 12:40:42 | 000,000,419 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/05/15 20:58:26 | 000,061,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/04 15:19:36 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2010/04/03 17:04:13 | 000,000,824 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/04/03 16:30:10 | 000,000,771 | ---- | C] () -- C:\WINDOWS\KA.INI
[2010/03/22 09:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/22 08:58:09 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wscntfy.exe:SummaryInformation

< End of report >
