tdss file system


  • This topic is locked
19 replies to this topic

#1 Matt1010

Matt1010

  • Members
  • 10 posts

Posted 12 May 2012 - 01:16 PM

Hi,

On this system I run TDSSKiller every few months after getting a rootkit about 2 years ago. I ran it and it detected a tdss file system and a couple other files. I removed the problem but was then unable to start a number of services, including Windows Firewall / Internet Connection Sharing. I opted to format the system and then restore from an image from 6 months ago, which I'm pretty sure was before I was infected.

I'm concerned, however, that the system may still be infected, as I did copy a small amount of data off the system. DDS will not run fully after 3 attempts. It runs fine, then stops 75% through, then locks the entire system. I have avast disabled during this.

My GMER log is attached.

Thanks very much for your help



#2 Matt1010

Matt1010
  • Topic Starter

  • Members
  • 10 posts

Posted 12 May 2012 - 01:18 PM

Forgot to attach the GMER log

Attached Files

  • Attached File  ark.txt   44.77KB   5 downloads


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 May 2012 - 11:57 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Matt1010

Matt1010
  • Topic Starter

  • Members
  • 10 posts

Posted 13 May 2012 - 05:35 AM

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Internet Security
ESET Online Scanner v3
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.235
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast afwServ.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

OTL

OTL logfile created on: 13/05/2012 10:14:58 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Briony\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.10 Mb Total Physical Memory | 365.84 Mb Available Physical Memory | 40.92% Memory free
2.21 Gb Paging File | 1.73 Gb Available in Paging File | 78.20% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 26.40 Gb Free Space | 47.25% Space Free | Partition Type: FAT32

Computer Name: BRIONY-LAPTOP | User Name: Briony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Briony\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\3\3Connect\BecHelperService.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12051300\algo.dll ()
MOD - C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll ()
MOD - C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avutil-51.dll ()
MOD - C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll ()
MOD - C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avformat-53.dll ()
MOD - C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_84509ad4\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_3b98cbc6\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e14e1af6\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_cd26e44b\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\3\3Connect\BecHelperService.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
MOD - C:\Acer\Empowering Technology\eRecovery\it41.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\imagefile.dll ()
MOD - C:\Acer\Empowering Technology\ePower\DialogDLL.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (BecHelperService) -- C:\Program Files\3\3Connect\BecHelperService.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (psdvdisk) -- C:\WINDOWS\system32\Drivers\psdvdisk.sys File not found
DRV - (psdfilter) -- C:\WINDOWS\system32\Drivers\psdfilter.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\5.tmp File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswNdis) -- C:\WINDOWS\system32\drivers\aswNdis.sys (ALWIL Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys ()
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1149479805-779591368-227883006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
IE - HKU\S-1-5-21-1149479805-779591368-227883006-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1149479805-779591368-227883006-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1149479805-779591368-227883006-1005\..\SearchScopes,DefaultScope = {C58C1B6D-9F76-4FD4-B0F4-BA62990D09B4}
IE - HKU\S-1-5-21-1149479805-779591368-227883006-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1149479805-779591368-227883006-1005\..\SearchScopes\{C58C1B6D-9F76-4FD4-B0F4-BA62990D09B4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1149479805-779591368-227883006-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1149479805-779591368-227883006-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/06/20 17:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/06/20 17:06:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/02 14:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/02 14:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/09 20:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 13:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:41:22 | 000,000,000 | ---D | M]

[2011/05/02 13:59:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Briony\Application Data\Mozilla\Extensions
[2012/04/25 21:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Briony\Application Data\Mozilla\Firefox\Profiles\x4w4m4m9.default\extensions
[2011/05/02 13:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/20 17:06:16 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2011/06/20 17:06:16 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2011/06/20 17:06:16 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2012/04/29 13:26:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/09 18:51:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/12 22:18:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/29 13:26:40 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2012/04/29 13:26:40 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/29 13:26:40 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/29 13:26:40 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/29 13:26:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Documents and Settings\Briony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/09 20:57:42 | 000,442,034 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15191 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1149479805-779591368-227883006-1005\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-1149479805-779591368-227883006-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1149479805-779591368-227883006-1005\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [LaunchApp] File not found
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1149479805-779591368-227883006-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304340308109 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F47698F2-E45F-459B-9722-7EAD2BB14265}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Briony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Briony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/22 17:11:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/13 10:12:31 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Briony\Desktop\OTL.exe
[2012/05/12 18:27:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Briony\Recent
[2012/05/10 19:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Briony\Start Menu\Programs\Google Chrome
[2012/05/09 17:38:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/04 08:08:14 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/05/04 08:07:38 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/05/04 08:07:38 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/05/04 08:07:32 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/05/04 08:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/04/29 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/29 13:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/24 21:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Briony\My Documents\Leading Empowered Partnerships
[2012/04/21 19:04:30 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2012/04/14 16:30:30 | 000,000,000 | -HSD | C] -- C:\FOUND.002

========== Files - Modified Within 30 Days ==========

[2012/05/13 10:12:34 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Briony\Desktop\OTL.exe
[2012/05/13 10:06:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/13 10:05:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 10:05:24 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/12 19:01:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/12 18:50:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/12 18:31:24 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/12 18:22:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 19:32:42 | 000,002,201 | ---- | M] () -- C:\Documents and Settings\Briony\Desktop\Google Chrome.lnk
[2012/05/10 19:32:42 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\Briony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/10 19:28:10 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1149479805-779591368-227883006-1005Core.job
[2012/05/10 19:18:20 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 17:39:36 | 000,443,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 17:39:36 | 000,072,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/09 14:33:14 | 000,000,462 | ---- | M] () -- C:\Documents and Settings\Briony\Desktop\Shortcut to WIA Canon MP490 ser.lnk
[2012/05/09 13:24:24 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Briony\My Documents\spider.sav
[2012/05/09 12:35:10 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Briony\Desktop\Microsoft Office Word 2003.lnk
[2012/05/05 20:23:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/05 15:31:40 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 15:31:40 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/04 08:07:40 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/04 08:01:56 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk

========== Files Created - No Company Name ==========

[2012/05/10 19:32:40 | 000,002,201 | ---- | C] () -- C:\Documents and Settings\Briony\Desktop\Google Chrome.lnk
[2012/05/10 19:32:40 | 000,002,179 | ---- | C] () -- C:\Documents and Settings\Briony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/10 19:23:28 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1149479805-779591368-227883006-1005Core.job
[2012/05/09 14:33:12 | 000,000,462 | ---- | C] () -- C:\Documents and Settings\Briony\Desktop\Shortcut to WIA Canon MP490 ser.lnk
[2012/05/09 13:24:22 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Briony\My Documents\spider.sav
[2012/05/04 08:01:54 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/09 18:42:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/07 19:58:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/06/18 17:54:42 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Briony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 23:06:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/11 17:44:13 | 000,042,584 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/06 15:48:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2011/05/02 21:11:14 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/02 14:37:27 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/05/02 14:37:26 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/05/02 13:59:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/02 08:46:42 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2011/05/02 08:22:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Briony\Local Settings\Application Data\fusioncache.dat
[2011/05/02 02:10:15 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/05/02 02:10:14 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/05/02 02:10:14 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/05/02 02:10:14 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/05/02 02:10:14 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/05/02 02:07:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/02 00:14:54 | 001,154,584 | ---- | C] () -- C:\WINDOWS\YTB.EXE
[2011/05/02 00:14:54 | 000,633,446 | ---- | C] () -- C:\WINDOWS\GVista.exe
[2011/05/02 00:14:54 | 000,261,627 | ---- | C] () -- C:\WINDOWS\EMEAWG.EXE
[2011/05/02 00:14:50 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

< End of report >

#5 gringo_pr


Posted 13 May 2012 - 11:31 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Matt1010


Posted 14 May 2012 - 03:16 PM

Hi again,

Tried to run Combofix 3 times and it jams the computer. It works fine up until the point it says scanning should take 10 mins. I left it an hour and it jammed. For my 3rd attempt I deleted AVAST and it made no difference. I also switched to my other XP user account as well.

Do you think the rootkit is still active from the information from the logs?

Thanks for your help,

#7 gringo_pr


Posted 15 May 2012 - 05:43 AM

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
ComboFix /nombr
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#8 Matt1010


Posted 15 May 2012 - 02:18 PM

Thanks - Combofix log



ComboFix 12-05-15.04 - Briony 15/05/2012 20:00:15.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.577 [GMT 1:00]
Running from: c:\documents and settings\Other User\Desktop\ComboFix.exe
Command switches used :: /nombr
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
c:\program files\3
c:\program files\3\3Connect\3ConnectHelp.chm
c:\program files\3\3Connect\AceDB.encrypt
c:\program files\3\3Connect\AutoRun.dat
c:\program files\3\3Connect\BEC_Reset.exe
c:\program files\3\3Connect\BecHelperService.exe
c:\program files\3\3Connect\birdstepdns.cmd
c:\program files\3\3Connect\birdstepip.cmd
c:\program files\3\3Connect\birdstepping.cmd
c:\program files\3\3Connect\birdsteppingv2.cmd
c:\program files\3\3Connect\BlackListedDev.cfg
c:\program files\3\3Connect\BlacklistedProcesses.xml
c:\program files\3\3Connect\browsing1.html
c:\program files\3\3Connect\cable_image.gif
c:\program files\3\3Connect\capicom.dll
c:\program files\3\3Connect\checkdata_online.html
c:\program files\3\3Connect\CiscoApiWrapper.dll
c:\program files\3\3Connect\Config.encrypt
c:\program files\3\3Connect\Config.xml
c:\program files\3\3Connect\Config_23420.encrypt
c:\program files\3\3Connect\Config_23420.xml
c:\program files\3\3Connect\Config_27205.encrypt
c:\program files\3\3Connect\Config_27205.xml
c:\program files\3\3Connect\Config_Default.encrypt
c:\program files\3\3Connect\Config_Default.xml
c:\program files\3\3Connect\ConfigAup.encrypt
c:\program files\3\3Connect\ConfigAup.xml
c:\program files\3\3Connect\connecting1.html
c:\program files\3\3Connect\Content.css2
c:\program files\3\3Connect\Convert.xsl
c:\program files\3\3Connect\datausageguide1.html
c:\program files\3\3Connect\DeviceInstaller.exe
c:\program files\3\3Connect\Devices.xml
c:\program files\3\3Connect\Dialog.cfg
c:\program files\3\3Connect\ejectdisk.exe
c:\program files\3\3Connect\ElevatedShell.exe
c:\program files\3\3Connect\endpoint.css
c:\program files\3\3Connect\endpoint2.css
c:\program files\3\3Connect\ExeAddOns\rmreg.exe
c:\program files\3\3Connect\Flash.ocx
c:\program files\3\3Connect\homepage1.html
c:\program files\3\3Connect\HuaweiE220.dll
c:\program files\3\3Connect\ImportConfiguration.exe
c:\program files\3\3Connect\improve.htm
c:\program files\3\3Connect\incompatiblesoft.htm
c:\program files\3\3Connect\InstallHelpers.dll
c:\program files\3\3Connect\installservice.exe
c:\program files\3\3Connect\Killautorun.exe
c:\program files\3\3Connect\LanDevice.dll
c:\program files\3\3Connect\lastbill.htm
c:\program files\3\3Connect\live.css
c:\program files\3\3Connect\Logger.dll
c:\program files\3\3Connect\Mbb_abroad.htm
c:\program files\3\3Connect\mfc80u.dll
c:\program files\3\3Connect\Microsoft.VC80.CRT.manifest
c:\program files\3\3Connect\Microsoft.VC80.MFC.manifest
c:\program files\3\3Connect\modemcust.cfg
c:\program files\3\3Connect\modeminfo.cfg
c:\program files\3\3Connect\Modems\ZTE_MF627_LEGACY_DRIVER_1.2059.0.4.exe
c:\program files\3\3Connect\msvcp80.dll
c:\program files\3\3Connect\msvcr80.dll
c:\program files\3\3Connect\NetworkCodes.cfg
c:\program files\3\3Connect\OperatorList.xml
c:\program files\3\3Connect\OptGlobetrotterGTMax72.dll
c:\program files\3\3Connect\PatchInfo.ini
c:\program files\3\3Connect\ping1.html
c:\program files\3\3Connect\pingtest.JPG
c:\program files\3\3Connect\proxy.JPG
c:\program files\3\3Connect\Res.dll
c:\program files\3\3Connect\Roaming\RoamingPrice_23420.ini
c:\program files\3\3Connect\Skins\FlashSkin\gui.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\account.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_login.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\exit.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\globe.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\graph.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\roaming.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\signal.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\sms.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\banner.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\bec_go_lite.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\config.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\menu_lite.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\signal.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\strings.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_0.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_1.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_2.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_3.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_4.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_5.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_6.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\tretab.swf
c:\program files\3\3Connect\Skins\FlexSkin\gui.swf
c:\program files\3\3Connect\Skins\FlexSkin\modules\guiOverrides.swf
c:\program files\3\3Connect\Skins\FlexSkin\state.xml
c:\program files\3\3Connect\Sms.xml
c:\program files\3\3Connect\SmsApp2.dll
c:\program files\3\3Connect\SocketMgr.dll
c:\program files\3\3Connect\SoftOpt.encrypt
c:\program files\3\3Connect\speed.htm
c:\program files\3\3Connect\startup.exe
c:\program files\3\3Connect\status.htm
c:\program files\3\3Connect\Strings.txt
c:\program files\3\3Connect\SysConfig.dat
c:\program files\3\3Connect\SystemInfo.txt
c:\program files\3\3Connect\topup.html
c:\program files\3\3Connect\Update\ConfigAup.encrypt
c:\program files\3\3Connect\Update\ConfigAup.xml
c:\program files\3\3Connect\UserGuide.chm
c:\program files\3\3Connect\Version.encrypt
c:\program files\3\3Connect\WelcomeApp.exe
c:\program files\3\3Connect\WelcomeApp.ini
c:\program files\3\3Connect\Wilog.exe
c:\program files\3\3Connect\wilogapp.exe
c:\program files\3\3Connect\WWanDevice.dll
c:\program files\3\3Connect\ZTE620.dll
c:\windows\WindowsUpdate.log . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BecHelperService
-------\Legacy_BecHelperService
-------\Service_BecHelperService
-------\Service_BecHelperService
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-14 21:59 . 2012-05-14 21:59 -------- d-----w- c:\program files\iPod
2012-05-14 21:59 . 2012-05-14 21:59 -------- d-----w- c:\program files\iTunes
2012-05-14 21:57 . 2012-05-14 21:57 -------- d-----w- c:\program files\Apple Software Update
2012-05-14 21:57 . 2012-05-14 21:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-14 21:56 . 2012-05-14 21:56 -------- d-----w- c:\program files\Bonjour
2012-05-14 20:26 . 2012-05-14 20:26 -------- d-----w- C:\FOUND.006
2012-05-14 18:48 . 2012-05-14 18:48 -------- d-----w- c:\documents and settings\Other User
2012-05-14 18:44 . 2012-05-14 18:44 -------- d-----w- C:\FOUND.005
2012-05-13 18:42 . 2012-05-13 18:42 -------- d-----w- C:\FOUND.004
2012-04-29 12:26 . 2012-04-29 12:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-29 12:26 . 2012-04-29 12:26 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-29 12:26 . 2012-04-29 12:26 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 18:04 . 2012-04-21 18:04 -------- d-----w- C:\FOUND.003
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 14:31 . 2012-04-12 21:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:31 . 2011-06-01 19:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2004-08-10 19:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2005-09-28 16:04 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2005-09-28 15:35 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-09 17:51 . 2012-04-09 17:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-09 17:51 . 2011-05-02 11:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56 . 2011-05-02 01:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-01-09 10:02 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 19:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 19:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 19:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 19:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 19:00 385024 ------w- c:\windows\system32\html.iec
2012-04-29 12:26 . 2012-04-12 21:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 442368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ehTray"=c:\windows\ehome\ehtray.exe
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"ePower_DMC"=c:\acer\Empowering Technology\ePower\ePower_DMC.exe
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"dvd43"=c:\program files\dvd43\dvd43_tray.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [02/05/2011 14:37 13496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/05/2011 17:31 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/04/2012 22:15 257696]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [02/05/2011 02:10 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [02/05/2011 02:10 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/05/2011 17:31 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/09/2009 15:55 7680]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29/04/2012 13:26 129976]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 16:31]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 16:31]
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 14:31]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149479805-779591368-227883006-1005Core.job
- c:\documents and settings\Briony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-10 18:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Briony\Application Data\Mozilla\Firefox\Profiles\x4w4m4m9.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-LaunchApp - (no file)
AddRemove-Acer English Online Help Creator - c:\program files\Acer Inc.\Acer English Online Help Creator\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 20:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-05-15 20:10:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 19:10
.
Pre-Run: 27,795,030,016 bytes free
Post-Run: 27,680,210,944 bytes free
.
- - End Of File - - 3CCBB2EC1F39559CE7D233FB61A11AEF

#9 gringo_pr


Posted 15 May 2012 - 09:17 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 Matt1010

  • Topic Starter

Posted 16 May 2012 - 02:13 AM

07:47:09.0343 3516 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
07:47:09.0515 3516 ============================================================
07:47:09.0515 3516 Current date / time: 2012/05/16 07:47:09.0515
07:47:09.0515 3516 SystemInfo:
07:47:09.0515 3516
07:47:09.0515 3516 OS Version: 5.1.2600 ServicePack: 3.0
07:47:09.0515 3516 Product type: Workstation
07:47:09.0515 3516 ComputerName: BRIONY-LAPTOP
07:47:09.0515 3516 UserName: Briony
07:47:09.0515 3516 Windows directory: C:\WINDOWS
07:47:09.0515 3516 System windows directory: C:\WINDOWS
07:47:09.0515 3516 Processor architecture: Intel x86
07:47:09.0515 3516 Number of processors: 1
07:47:09.0515 3516 Page size: 0x1000
07:47:09.0515 3516 Boot type: Normal boot
07:47:09.0515 3516 ============================================================
07:47:10.0765 3516 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:47:10.0765 3516 ============================================================
07:47:10.0765 3516 \Device\Harddisk0\DR0:
07:47:10.0765 3516 MBR partitions:
07:47:10.0765 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x6FC7C41
07:47:10.0765 3516 ============================================================
07:47:11.0093 3516 C: <-> \Device\Harddisk0\DR0\Partition0
07:47:11.0093 3516 ============================================================
07:47:11.0093 3516 Initialize success
07:47:11.0093 3516 ============================================================
07:47:27.0156 2532 ============================================================
07:47:27.0156 2532 Scan started
07:47:27.0156 2532 Mode: Manual; SigCheck; TDLFS;
07:47:27.0156 2532 ============================================================
07:47:27.0406 2532 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
07:47:27.0562 2532 !SASCORE - ok
07:47:27.0656 2532 Abiosdsk - ok
07:47:27.0718 2532 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:47:29.0750 2532 abp480n5 - ok
07:47:29.0765 2532 AcerMemUsageCheckService - ok
07:47:29.0812 2532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:47:30.0031 2532 ACPI - ok
07:47:30.0125 2532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:47:30.0296 2532 ACPIEC - ok
07:47:30.0390 2532 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:47:30.0406 2532 AdobeFlashPlayerUpdateSvc - ok
07:47:30.0468 2532 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:47:30.0671 2532 adpu160m - ok
07:47:30.0718 2532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:47:30.0875 2532 aec - ok
07:47:30.0937 2532 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:47:31.0000 2532 AFD - ok
07:47:31.0031 2532 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:47:31.0187 2532 agp440 - ok
07:47:31.0203 2532 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:47:31.0343 2532 agpCPQ - ok
07:47:31.0421 2532 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:47:31.0500 2532 Aha154x - ok
07:47:31.0531 2532 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:47:31.0718 2532 aic78u2 - ok
07:47:31.0734 2532 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:47:31.0906 2532 aic78xx - ok
07:47:31.0984 2532 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
07:47:32.0140 2532 Alerter - ok
07:47:32.0171 2532 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
07:47:32.0343 2532 ALG - ok
07:47:32.0421 2532 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:47:32.0578 2532 AliIde - ok
07:47:32.0609 2532 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:47:32.0765 2532 alim1541 - ok
07:47:32.0765 2532 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:47:32.0921 2532 amdagp - ok
07:47:33.0000 2532 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
07:47:33.0062 2532 AmdK8 - ok
07:47:33.0093 2532 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:47:33.0203 2532 amsint - ok
07:47:33.0296 2532 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:47:33.0312 2532 Apple Mobile Device - ok
07:47:33.0359 2532 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
07:47:33.0500 2532 AppMgmt - ok
07:47:33.0546 2532 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:47:33.0734 2532 asc - ok
07:47:33.0750 2532 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:47:33.0875 2532 asc3350p - ok
07:47:33.0906 2532 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:47:34.0078 2532 asc3550 - ok
07:47:34.0171 2532 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:47:34.0187 2532 aspnet_state - ok
07:47:34.0218 2532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:47:34.0375 2532 AsyncMac - ok
07:47:34.0406 2532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:47:34.0562 2532 atapi - ok
07:47:34.0609 2532 Atdisk - ok
07:47:34.0734 2532 Ati HotKey Poller (6bdce382bb72ab6990d57f288ac640be) C:\WINDOWS\system32\Ati2evxx.exe
07:47:34.0828 2532 Ati HotKey Poller - ok
07:47:34.0953 2532 ati2mtag (e609b308910f7a495d323ab13d011a70) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
07:47:35.0078 2532 ati2mtag - ok
07:47:35.0156 2532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:47:35.0312 2532 Atmarpc - ok
07:47:35.0468 2532 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
07:47:35.0625 2532 AudioSrv - ok
07:47:35.0703 2532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:47:35.0890 2532 audstub - ok
07:47:35.0953 2532 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
07:47:36.0031 2532 BCM43XX - ok
07:47:36.0046 2532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:47:36.0250 2532 Beep - ok
07:47:36.0375 2532 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
07:47:36.0531 2532 BITS - ok
07:47:36.0671 2532 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:47:36.0687 2532 Bonjour Service - ok
07:47:36.0765 2532 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
07:47:36.0921 2532 Browser - ok
07:47:37.0015 2532 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
07:47:37.0171 2532 BthEnum - ok
07:47:37.0203 2532 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
07:47:37.0328 2532 BthPan - ok
07:47:37.0406 2532 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
07:47:37.0437 2532 BTHPORT - ok
07:47:37.0515 2532 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
07:47:37.0656 2532 BthServ - ok
07:47:37.0687 2532 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
07:47:37.0859 2532 BTHUSB - ok
07:47:37.0953 2532 catchme - ok
07:47:37.0984 2532 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:47:38.0140 2532 cbidf - ok
07:47:38.0140 2532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:47:38.0328 2532 cbidf2k - ok
07:47:38.0390 2532 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:47:38.0484 2532 cd20xrnt - ok
07:47:38.0515 2532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:47:38.0703 2532 Cdaudio - ok
07:47:38.0796 2532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:47:38.0953 2532 Cdfs - ok
07:47:38.0968 2532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:47:39.0125 2532 Cdrom - ok
07:47:39.0140 2532 Changer - ok
07:47:39.0218 2532 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
07:47:39.0375 2532 CiSvc - ok
07:47:39.0484 2532 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
07:47:39.0640 2532 ClipSrv - ok
07:47:39.0750 2532 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:47:39.0750 2532 clr_optimization_v2.0.50727_32 - ok
07:47:39.0781 2532 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:47:39.0937 2532 CmBatt - ok
07:47:39.0984 2532 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:47:40.0171 2532 CmdIde - ok
07:47:40.0187 2532 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:47:40.0343 2532 Compbatt - ok
07:47:40.0406 2532 COMSysApp - ok
07:47:40.0437 2532 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:47:40.0640 2532 Cpqarray - ok
07:47:40.0734 2532 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
07:47:40.0875 2532 CryptSvc - ok
07:47:41.0000 2532 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:47:41.0187 2532 dac2w2k - ok
07:47:41.0281 2532 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:47:41.0437 2532 dac960nt - ok
07:47:41.0531 2532 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:47:41.0609 2532 DcomLaunch - ok
07:47:41.0703 2532 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
07:47:41.0859 2532 Dhcp - ok
07:47:41.0875 2532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:47:42.0031 2532 Disk - ok
07:47:42.0078 2532 dmadmin - ok
07:47:42.0218 2532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:47:42.0390 2532 dmboot - ok
07:47:42.0484 2532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:47:42.0625 2532 dmio - ok
07:47:42.0671 2532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:47:42.0875 2532 dmload - ok
07:47:43.0000 2532 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
07:47:43.0156 2532 dmserver - ok
07:47:43.0156 2532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:47:43.0312 2532 DMusic - ok
07:47:43.0390 2532 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
07:47:43.0453 2532 Dnscache - ok
07:47:43.0562 2532 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
07:47:43.0703 2532 Dot3svc - ok
07:47:43.0812 2532 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:47:43.0984 2532 dpti2o - ok
07:47:44.0062 2532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:47:44.0203 2532 drmkaud - ok
07:47:44.0281 2532 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
07:47:44.0296 2532 dvd43llh ( UnsignedFile.Multi.Generic ) - warning
07:47:44.0296 2532 dvd43llh - detected UnsignedFile.Multi.Generic (1)
07:47:44.0343 2532 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
07:47:44.0500 2532 EapHost - ok
07:47:44.0640 2532 ehRecvr (d039a0c347632622934906bd59a4e1ea) C:\WINDOWS\eHome\ehRecvr.exe
07:47:44.0687 2532 ehRecvr - ok
07:47:44.0734 2532 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
07:47:44.0796 2532 ehSched - ok
07:47:44.0843 2532 EMSCR (12133fd03d4b34cfafffa9a19c953812) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
07:47:44.0859 2532 EMSCR - ok
07:47:44.0953 2532 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
07:47:45.0000 2532 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
07:47:45.0000 2532 epmntdrv - detected UnsignedFile.Multi.Generic (1)
07:47:45.0078 2532 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
07:47:45.0218 2532 ERSvc - ok
07:47:45.0265 2532 ESDCR (9f0fa60836e1d1148cc0c1b6e67aa6f7) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
07:47:45.0296 2532 ESDCR - ok
07:47:45.0328 2532 ESMCR (d9da881be71b74b328471ccf28b5f0a9) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
07:47:45.0390 2532 ESMCR - ok
07:47:45.0468 2532 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
07:47:45.0484 2532 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
07:47:45.0484 2532 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
07:47:45.0562 2532 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:47:45.0625 2532 Eventlog - ok
07:47:45.0718 2532 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
07:47:45.0734 2532 EventSystem - ok
07:47:45.0765 2532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:47:45.0921 2532 Fastfat - ok
07:47:45.0984 2532 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:47:46.0031 2532 FastUserSwitchingCompatibility - ok
07:47:46.0062 2532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:47:46.0203 2532 Fdc - ok
07:47:46.0234 2532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:47:46.0390 2532 Fips - ok
07:47:46.0406 2532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:47:46.0593 2532 Flpydisk - ok
07:47:46.0703 2532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:47:46.0828 2532 FltMgr - ok
07:47:46.0937 2532 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:47:46.0953 2532 FontCache3.0.0.0 - ok
07:47:46.0984 2532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:47:47.0171 2532 Fs_Rec - ok
07:47:47.0218 2532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:47:47.0406 2532 Ftdisk - ok
07:47:47.0468 2532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:47:47.0484 2532 GEARAspiWDM - ok
07:47:47.0515 2532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:47:47.0656 2532 Gpc - ok
07:47:47.0750 2532 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
07:47:47.0765 2532 gupdate - ok
07:47:47.0765 2532 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
07:47:47.0781 2532 gupdatem - ok
07:47:47.0828 2532 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:47:47.0843 2532 gusvc - ok
07:47:47.0890 2532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:47:48.0046 2532 HDAudBus - ok
07:47:48.0125 2532 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:47:48.0281 2532 helpsvc - ok
07:47:48.0406 2532 HidServ - ok
07:47:48.0453 2532 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:47:48.0593 2532 HidUsb - ok
07:47:48.0734 2532 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
07:47:48.0890 2532 hkmsvc - ok
07:47:48.0984 2532 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:47:49.0156 2532 hpn - ok
07:47:49.0296 2532 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
07:47:49.0343 2532 HSFHWAZL - ok
07:47:49.0437 2532 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
07:47:49.0484 2532 HSF_DPV - ok
07:47:49.0515 2532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:47:49.0562 2532 HTTP - ok
07:47:49.0656 2532 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
07:47:49.0796 2532 HTTPFilter - ok
07:47:49.0890 2532 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:47:50.0015 2532 i2omgmt - ok
07:47:50.0031 2532 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:47:50.0187 2532 i2omp - ok
07:47:50.0203 2532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:47:50.0390 2532 i8042prt - ok
07:47:50.0546 2532 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
07:47:50.0578 2532 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:47:50.0578 2532 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:47:50.0703 2532 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:47:50.0750 2532 idsvc - ok
07:47:50.0796 2532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:47:50.0937 2532 Imapi - ok
07:47:51.0078 2532 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
07:47:51.0218 2532 ImapiService - ok
07:47:51.0281 2532 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:47:51.0468 2532 ini910u - ok
07:47:51.0703 2532 IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:47:51.0921 2532 IntcAzAudAddService - ok
07:47:52.0046 2532 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:47:52.0203 2532 IntelIde - ok
07:47:52.0250 2532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:47:52.0390 2532 Ip6Fw - ok
07:47:52.0468 2532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:47:52.0656 2532 IpFilterDriver - ok
07:47:52.0656 2532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:47:52.0796 2532 IpInIp - ok
07:47:52.0843 2532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:47:52.0984 2532 IpNat - ok
07:47:53.0171 2532 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
07:47:53.0218 2532 iPod Service - ok
07:47:53.0234 2532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:47:53.0375 2532 IPSec - ok
07:47:53.0390 2532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:47:53.0578 2532 IRENUM - ok
07:47:53.0640 2532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:47:53.0781 2532 isapnp - ok
07:47:53.0906 2532 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
07:47:53.0921 2532 JavaQuickStarterService - ok
07:47:53.0953 2532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:47:54.0093 2532 Kbdclass - ok
07:47:54.0125 2532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:47:54.0265 2532 kmixer - ok
07:47:54.0375 2532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:47:54.0406 2532 KSecDD - ok
07:47:54.0484 2532 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
07:47:54.0562 2532 lanmanserver - ok
07:47:54.0625 2532 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
07:47:54.0656 2532 lanmanworkstation - ok
07:47:54.0671 2532 lbrtfdc - ok
07:47:54.0765 2532 LightScribeService (86e8bcaa91fc2acfacd99cf2bf9f1f47) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:47:54.0781 2532 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
07:47:54.0781 2532 LightScribeService - detected UnsignedFile.Multi.Generic (1)
07:47:54.0906 2532 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
07:47:55.0062 2532 LmHosts - ok
07:47:55.0140 2532 massfilter (59f57b06d1e3c7a3f22d62c7c5b4c3c3) C:\WINDOWS\system32\drivers\massfilter.sys
07:47:55.0203 2532 massfilter - ok
07:47:55.0265 2532 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
07:47:55.0328 2532 McrdSvc - ok
07:47:55.0375 2532 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:47:55.0375 2532 mdmxsdk - ok
07:47:55.0406 2532 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
07:47:55.0437 2532 mdvrmng ( UnsignedFile.Multi.Generic ) - warning
07:47:55.0437 2532 mdvrmng - detected UnsignedFile.Multi.Generic (1)
07:47:55.0484 2532 MEMSWEEP2 - ok
07:47:55.0562 2532 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
07:47:55.0703 2532 Messenger - ok
07:47:55.0796 2532 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
07:47:55.0812 2532 MHN ( UnsignedFile.Multi.Generic ) - warning
07:47:55.0812 2532 MHN - detected UnsignedFile.Multi.Generic (1)
07:47:55.0843 2532 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
07:47:55.0859 2532 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
07:47:55.0859 2532 MHNDRV - detected UnsignedFile.Multi.Generic (1)
07:47:55.0906 2532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:47:56.0109 2532 mnmdd - ok
07:47:56.0171 2532 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
07:47:56.0343 2532 mnmsrvc - ok
07:47:56.0375 2532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:47:56.0515 2532 Modem - ok
07:47:56.0531 2532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:47:56.0671 2532 Mouclass - ok
07:47:56.0734 2532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:47:56.0937 2532 mouhid - ok
07:47:56.0968 2532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:47:57.0125 2532 MountMgr - ok
07:47:57.0171 2532 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:47:57.0187 2532 MozillaMaintenance - ok
07:47:57.0218 2532 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:47:57.0406 2532 mraid35x - ok
07:47:57.0437 2532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:47:57.0593 2532 MRxDAV - ok
07:47:57.0671 2532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:47:57.0765 2532 MRxSmb - ok
07:47:57.0843 2532 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
07:47:58.0000 2532 MSDTC - ok
07:47:58.0031 2532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:47:58.0187 2532 Msfs - ok
07:47:58.0234 2532 MSIServer - ok
07:47:58.0250 2532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:47:58.0390 2532 MSKSSRV - ok
07:47:58.0406 2532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:47:58.0562 2532 MSPCLOCK - ok
07:47:58.0593 2532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:47:58.0734 2532 MSPQM - ok
07:47:58.0781 2532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:47:58.0906 2532 mssmbios - ok
07:47:58.0953 2532 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:47:59.0015 2532 Mup - ok
07:47:59.0093 2532 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
07:47:59.0265 2532 napagent - ok
07:47:59.0343 2532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:47:59.0484 2532 NDIS - ok
07:47:59.0531 2532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:47:59.0593 2532 NdisTapi - ok
07:47:59.0609 2532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:47:59.0750 2532 Ndisuio - ok
07:47:59.0843 2532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:47:59.0984 2532 NdisWan - ok
07:48:00.0031 2532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:48:00.0062 2532 NDProxy - ok
07:48:00.0078 2532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:48:00.0218 2532 NetBIOS - ok
07:48:00.0250 2532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:48:00.0406 2532 NetBT - ok
07:48:00.0562 2532 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:48:00.0703 2532 NetDDE - ok
07:48:00.0703 2532 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
07:48:00.0843 2532 NetDDEdsdm - ok
07:48:00.0890 2532 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:48:01.0031 2532 Netlogon - ok
07:48:01.0140 2532 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
07:48:01.0296 2532 Netman - ok
07:48:01.0437 2532 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:48:01.0437 2532 NetTcpPortSharing - ok
07:48:01.0515 2532 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
07:48:01.0546 2532 Nla - ok
07:48:01.0578 2532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:48:01.0734 2532 Npfs - ok
07:48:01.0859 2532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:48:02.0015 2532 Ntfs - ok
07:48:02.0062 2532 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
07:48:02.0062 2532 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
07:48:02.0062 2532 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
07:48:02.0093 2532 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
07:48:02.0234 2532 NtLmSsp - ok
07:48:02.0343 2532 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
07:48:02.0484 2532 NtmsSvc - ok
07:48:02.0531 2532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:48:02.0734 2532 Null - ok
07:48:02.0828 2532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:48:03.0015 2532 NwlnkFlt - ok
07:48:03.0046 2532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:48:03.0234 2532 NwlnkFwd - ok
07:48:03.0390 2532 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:48:03.0406 2532 ose - ok
07:48:03.0437 2532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
07:48:03.0578 2532 Parport - ok
07:48:03.0593 2532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:48:03.0734 2532 PartMgr - ok
07:48:03.0828 2532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:48:04.0031 2532 ParVdm - ok
07:48:04.0046 2532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:48:04.0171 2532 PCI - ok
07:48:04.0187 2532 PCIDump - ok
07:48:04.0234 2532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:48:04.0421 2532 PCIIde - ok
07:48:04.0515 2532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
07:48:04.0656 2532 Pcmcia - ok
07:48:04.0671 2532 PDCOMP - ok
07:48:27.0015 2532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:48:27.0187 2532 \Device\Harddisk0\DR0 - ok
07:48:27.0203 2532 Boot (0x1200) (508f07127cf722f7386ea1be775c96fa) \Device\Harddisk0\DR0\Partition0
07:48:27.0203 2532 \Device\Harddisk0\DR0\Partition0 - ok
07:48:27.0203 2532 ============================================================
07:48:27.0203 2532 Scan finished
07:48:27.0203 2532 ============================================================
07:48:27.0312 3876 Detected object count: 11
07:48:27.0312 3876 Actual detected object count: 11
07:49:14.0140 3876 dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0140 3876 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0140 3876 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0140 3876 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0140 3876 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0140 3876 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0140 3876 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0140 3876 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0140 3876 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0140 3876 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0140 3876 mdvrmng ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0140 3876 mdvrmng ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0156 3876 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0156 3876 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0156 3876 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0156 3876 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0156 3876 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0156 3876 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0156 3876 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0156 3876 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:14.0156 3876 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
07:49:14.0156 3876 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:49:23.0859 3488 Deinitialize success


ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 07:49:45
-----------------------------
07:49:45.953 OS Version: Windows 5.1.2600 Service Pack 3
07:49:45.953 Number of processors: 1 586 0x4C02
07:49:45.953 ComputerName: BRIONY-LAPTOP UserName: Briony
07:49:46.531 Initialize success
07:58:30.640 AVAST engine defs: 12051501
07:59:05.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-a
07:59:05.812 Disk 0 Vendor: Hitachi_HTS541660J9AT00 SBBOA70H Size: 57231MB BusType: 3
07:59:05.843 Disk 0 MBR read successfully
07:59:05.843 Disk 0 MBR scan
07:59:05.906 Disk 0 Windows XP default MBR code
07:59:05.937 Disk 0 Partition 1 80 (A) 0B FAT32 MSWIN4.1 57231 MB offset 63
07:59:05.953 Disk 0 scanning sectors +117210240
07:59:06.125 Disk 0 scanning C:\WINDOWS\system32\drivers
07:59:16.437 Service scanning
07:59:36.093 Modules scanning
07:59:44.093 Disk 0 trace - called modules:
07:59:44.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:59:44.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8558e630]
07:59:44.515 3 CLASSPNP.SYS[f7592fd7] -> nt!IofCallDriver -> \Device\000000a2[0x855471c0]
07:59:44.531 5 ACPI.sys[f73a9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-a[0x8552e940]
07:59:45.093 AVAST engine scan C:\WINDOWS
07:59:51.468 AVAST engine scan C:\WINDOWS\system32
08:02:26.515 AVAST engine scan C:\WINDOWS\system32\drivers
08:02:39.781 AVAST engine scan C:\Documents and Settings\Briony
08:05:51.843 AVAST engine scan C:\Documents and Settings\All Users
08:06:08.187 Scan finished successfully
08:12:21.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Briony\Desktop\MBR.dat"
08:12:21.468 The log file has been saved successfully to "C:\Documents and Settings\Briony\Desktop\aswMBR.txt"

#11 gringo_pr

Posted 16 May 2012 - 05:25 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 Matt1010

Posted 16 May 2012 - 03:45 PM

Same problem as before: Combofix jams at the search/scanning screen. Works fine until that point.

Thanks

#13 gringo_pr

Posted 17 May 2012 - 01:30 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#14 Matt1010

Posted 17 May 2012 - 03:53 PM

3Connect
Acer Empowering Technology
Acer ePerformance Management
Acer ePower Management
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Bonjour
Canon MP490 series MP Drivers
CCleaner
Compatibility Pack for the 2007 Office system
DivX Setup
DriveImage XML (Private Edition)
DVD43 v4.6.0
EASEUS Partition Master 8.0.1 Home Edition
eMusic Download Manager 4.1.4
ESET Online Scanner v3
Foxit Reader
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HitmanPro 3.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
inSSIDer 2.0
iTunes
Java Auto Updater
Java™ 6 Update 31
LightScribe 1.4.97.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Bootvis
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Tool Web Package : EXCTRLST.EXE
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
NTI CD & DVD-Maker
PowerDVD
PowerProducer
Quick Startup 2.8.0.718
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923789)
Smart Defrag 2
Sonic Encoders
Spybot - Search & Destroy
SpywareBlaster 4.6
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3
ZTE_MF627_USB_MODEM_1.2059.0.4
ZTE_MF6X6_USB_MODEM_1.2050.0.6

#15 gringo_pr

Posted 17 May 2012 - 04:50 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Ask Toolbar
Foxit Reader
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
