Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 8 Infection


  • Please log in to reply
12 replies to this topic

#1 Ninegauge

Ninegauge

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 15 March 2013 - 09:50 PM

Hi everyone,

 

I started getting messages that the computer was locked by the FBI, and they wanted to take it off by me sending them $300.00.  

 

RED FLAG.  

 

Then the screen would stay white.

 

I had to restore it to Feb the 12th but I am still infected.  Please help.  

 

I ran Malwarebytes scan  which cleaned some items out as well as Spybot Search and Destroy and Microsoft Security Essentials which also cleaned some nasty things out.  I think I am still infected though.  Any help would be appreciated.  

 

I was also told I had 35,000 "events" that were needing removal from Microsoft.

 

Thank you,

Dan


Edited by Ninegauge, 16 March 2013 - 09:53 AM.


BC AdBot (Login to Remove)

 


#2 Ninegauge

Ninegauge
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 15 March 2013 - 09:55 PM

I think there is still infection. 


Edited by Ninegauge, 16 March 2013 - 09:54 AM.


#3 Ninegauge

Ninegauge
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 16 March 2013 - 09:51 AM

Bump



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:57 AM

Posted 16 March 2013 - 09:53 AM

    

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg

  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


    aswMBR1.png
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


    aswMBR2.png
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

    esetsmartinstaller_enu.png

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#5 Ninegauge

Ninegauge
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 16 March 2013 - 10:05 AM

Ok...My Dad said it was Windows 8,  and it's really Windows 7.  Sorry. lol He's new.



#6 Ninegauge

Ninegauge
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 17 March 2013 - 06:54 PM

TDSSkiller Log

 

 

10:04:48.0264 7148  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:04:49.0071 7148  ============================================================
10:04:49.0071 7148  Current date / time: 2013/03/16 10:04:49.0071
10:04:49.0071 7148  SystemInfo:
10:04:49.0071 7148  
10:04:49.0071 7148  OS Version: 6.1.7601 ServicePack: 1.0
10:04:49.0071 7148  Product type: Workstation
10:04:49.0071 7148  ComputerName: DANIEL-HP
10:04:49.0072 7148  UserName: Daniel
10:04:49.0072 7148  Windows directory: C:\Windows
10:04:49.0072 7148  System windows directory: C:\Windows
10:04:49.0072 7148  Running under WOW64
10:04:49.0072 7148  Processor architecture: Intel x64
10:04:49.0072 7148  Number of processors: 2
10:04:49.0072 7148  Page size: 0x1000
10:04:49.0072 7148  Boot type: Normal boot
10:04:49.0072 7148  ============================================================
10:04:49.0784 7148  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:04:49.0787 7148  ============================================================
10:04:49.0787 7148  \Device\Harddisk0\DR0:
10:04:49.0787 7148  MBR partitions:
10:04:49.0787 7148  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:04:49.0787 7148  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37C9E000
10:04:49.0787 7148  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37D02000, BlocksNum 0x1E94000
10:04:49.0787 7148  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
10:04:49.0787 7148  ============================================================
10:04:49.0821 7148  C: <-> \Device\Harddisk0\DR0\Partition2
10:04:49.0862 7148  D: <-> \Device\Harddisk0\DR0\Partition3
10:04:49.0880 7148  E: <-> \Device\Harddisk0\DR0\Partition4
10:04:49.0880 7148  ============================================================
10:04:49.0880 7148  Initialize success
10:04:49.0880 7148  ============================================================
10:06:31.0036 5552  ============================================================
10:06:31.0036 5552  Scan started
10:06:31.0036 5552  Mode: Manual; 
10:06:31.0036 5552  ============================================================
10:06:31.0269 5552  ================ Scan system memory ========================
10:06:31.0269 5552  System memory - ok
10:06:31.0270 5552  ================ Scan services =============================
10:06:31.0453 5552  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:06:31.0458 5552  1394ohci - ok
10:06:31.0499 5552  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:06:31.0504 5552  ACPI - ok
10:06:31.0519 5552  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:06:31.0521 5552  AcpiPmi - ok
10:06:31.0604 5552  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:06:31.0605 5552  AdobeARMservice - ok
10:06:31.0729 5552  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:06:31.0732 5552  AdobeFlashPlayerUpdateSvc - ok
10:06:31.0791 5552  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:06:31.0800 5552  adp94xx - ok
10:06:31.0823 5552  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:06:31.0830 5552  adpahci - ok
10:06:31.0861 5552  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:06:31.0864 5552  adpu320 - ok
10:06:31.0893 5552  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:06:31.0894 5552  AeLookupSvc - ok
10:06:31.0935 5552  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:06:31.0941 5552  AFD - ok
10:06:31.0971 5552  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:06:31.0973 5552  agp440 - ok
10:06:31.0997 5552  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:06:31.0999 5552  ALG - ok
10:06:32.0032 5552  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:06:32.0033 5552  aliide - ok
10:06:32.0038 5552  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:06:32.0039 5552  amdide - ok
10:06:32.0068 5552  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:06:32.0070 5552  AmdK8 - ok
10:06:32.0102 5552  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:06:32.0104 5552  AmdPPM - ok
10:06:32.0122 5552  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:06:32.0125 5552  amdsata - ok
10:06:32.0162 5552  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:06:32.0165 5552  amdsbs - ok
10:06:32.0195 5552  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:06:32.0196 5552  amdxata - ok
10:06:32.0221 5552  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:06:32.0223 5552  AppID - ok
10:06:32.0255 5552  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:06:32.0256 5552  AppIDSvc - ok
10:06:32.0284 5552  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:06:32.0286 5552  Appinfo - ok
10:06:32.0357 5552  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:06:32.0359 5552  Apple Mobile Device - ok
10:06:32.0479 5552  [ DCEBADAB68650A3EC48FDC102A6D67E8 ] Application Sendori C:\Program Files (x86)\Sendori\SendoriSvc.exe
10:06:32.0533 5552  Application Sendori - ok
10:06:32.0561 5552  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
10:06:32.0563 5552  arc - ok
10:06:32.0596 5552  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:06:32.0598 5552  arcsas - ok
10:06:32.0708 5552  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:06:32.0710 5552  aspnet_state - ok
10:06:32.0735 5552  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:06:32.0737 5552  AsyncMac - ok
10:06:32.0759 5552  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:06:32.0761 5552  atapi - ok
10:06:32.0807 5552  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:06:32.0818 5552  AudioEndpointBuilder - ok
10:06:32.0829 5552  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:06:32.0834 5552  AudioSrv - ok
10:06:32.0852 5552  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:06:32.0853 5552  AxInstSV - ok
10:06:32.0882 5552  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
10:06:32.0888 5552  b06bdrv - ok
10:06:32.0903 5552  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:06:32.0908 5552  b57nd60a - ok
10:06:32.0960 5552  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:06:32.0962 5552  BBSvc - ok
10:06:33.0016 5552  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
10:06:33.0031 5552  BCM43XX - ok
10:06:33.0060 5552  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:06:33.0062 5552  BDESVC - ok
10:06:33.0074 5552  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:06:33.0075 5552  Beep - ok
10:06:33.0104 5552  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:06:33.0112 5552  BFE - ok
10:06:33.0158 5552  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:06:33.0171 5552  BITS - ok
10:06:33.0196 5552  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:06:33.0197 5552  blbdrive - ok
10:06:33.0220 5552  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:06:33.0222 5552  bowser - ok
10:06:33.0239 5552  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:06:33.0241 5552  BrFiltLo - ok
10:06:33.0260 5552  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:06:33.0262 5552  BrFiltUp - ok
10:06:33.0295 5552  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:06:33.0298 5552  Browser - ok
10:06:33.0319 5552  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:06:33.0323 5552  Brserid - ok
10:06:33.0344 5552  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:06:33.0345 5552  BrSerWdm - ok
10:06:33.0357 5552  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:06:33.0358 5552  BrUsbMdm - ok
10:06:33.0385 5552  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:06:33.0386 5552  BrUsbSer - ok
10:06:33.0404 5552  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:06:33.0405 5552  BTHMODEM - ok
10:06:33.0451 5552  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:06:33.0453 5552  bthserv - ok
10:06:33.0487 5552  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:06:33.0489 5552  cdfs - ok
10:06:33.0531 5552  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:06:33.0534 5552  cdrom - ok
10:06:33.0584 5552  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:06:33.0589 5552  CertPropSvc - ok
10:06:33.0608 5552  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
10:06:33.0610 5552  circlass - ok
10:06:33.0635 5552  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:06:33.0639 5552  CLFS - ok
10:06:33.0704 5552  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:06:33.0706 5552  clr_optimization_v2.0.50727_32 - ok
10:06:33.0754 5552  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:06:33.0757 5552  clr_optimization_v2.0.50727_64 - ok
10:06:33.0807 5552  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:06:33.0810 5552  clr_optimization_v4.0.30319_32 - ok
10:06:33.0875 5552  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:06:33.0877 5552  clr_optimization_v4.0.30319_64 - ok
10:06:33.0904 5552  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
10:06:33.0905 5552  clwvd - ok
10:06:33.0931 5552  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
10:06:33.0932 5552  CmBatt - ok
10:06:33.0947 5552  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:06:33.0948 5552  cmdide - ok
10:06:33.0975 5552  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
10:06:33.0981 5552  CNG - ok
10:06:34.0000 5552  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:06:34.0001 5552  Compbatt - ok
10:06:34.0017 5552  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:06:34.0018 5552  CompositeBus - ok
10:06:34.0022 5552  COMSysApp - ok
10:06:34.0050 5552  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:06:34.0054 5552  crcdisk - ok
10:06:34.0089 5552  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:06:34.0096 5552  CryptSvc - ok
10:06:34.0172 5552  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:06:34.0179 5552  cvhsvc - ok
10:06:34.0209 5552  [ 1CA90212A99DB6975C344826D11055C9 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
10:06:34.0210 5552  dc3d - ok
10:06:34.0246 5552  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:06:34.0253 5552  DcomLaunch - ok
10:06:34.0353 5552  [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\Daniel\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
10:06:34.0355 5552  DefaultTabUpdate - ok
10:06:34.0423 5552  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:06:34.0428 5552  defragsvc - ok
10:06:34.0449 5552  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:06:34.0451 5552  DfsC - ok
10:06:34.0468 5552  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:06:34.0472 5552  Dhcp - ok
10:06:34.0490 5552  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:06:34.0491 5552  discache - ok
10:06:34.0511 5552  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
10:06:34.0513 5552  Disk - ok
10:06:34.0542 5552  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:06:34.0545 5552  Dnscache - ok
10:06:34.0570 5552  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:06:34.0573 5552  dot3svc - ok
10:06:34.0595 5552  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:06:34.0597 5552  DPS - ok
10:06:34.0616 5552  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:06:34.0618 5552  drmkaud - ok
10:06:34.0653 5552  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:06:34.0664 5552  DXGKrnl - ok
10:06:34.0688 5552  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:06:34.0691 5552  EapHost - ok
10:06:34.0763 5552  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
10:06:34.0798 5552  ebdrv - ok
10:06:34.0829 5552  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:06:34.0830 5552  EFS - ok
10:06:34.0894 5552  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:06:34.0902 5552  ehRecvr - ok
10:06:34.0920 5552  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:06:34.0923 5552  ehSched - ok
10:06:34.0961 5552  [ 627350A11295D82BF78D155B12FFD0EF ] ElRawDisk       C:\Windows\system32\drivers\ElRawDsk.sys
10:06:34.0962 5552  ElRawDisk - ok
10:06:34.0999 5552  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:06:35.0008 5552  elxstor - ok
10:06:35.0025 5552  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:06:35.0030 5552  ErrDev - ok
10:06:35.0066 5552  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:06:35.0071 5552  EventSystem - ok
10:06:35.0088 5552  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:06:35.0091 5552  exfat - ok
10:06:35.0111 5552  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:06:35.0114 5552  fastfat - ok
10:06:35.0140 5552  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:06:35.0148 5552  Fax - ok
10:06:35.0162 5552  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
10:06:35.0163 5552  fdc - ok
10:06:35.0183 5552  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:06:35.0184 5552  fdPHost - ok
10:06:35.0201 5552  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:06:35.0202 5552  FDResPub - ok
10:06:35.0211 5552  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:06:35.0212 5552  FileInfo - ok
10:06:35.0230 5552  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:06:35.0231 5552  Filetrace - ok
10:06:35.0250 5552  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:06:35.0251 5552  flpydisk - ok
10:06:35.0275 5552  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:06:35.0278 5552  FltMgr - ok
10:06:35.0333 5552  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:06:35.0346 5552  FontCache - ok
10:06:35.0397 5552  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:06:35.0398 5552  FontCache3.0.0.0 - ok
10:06:35.0414 5552  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:06:35.0416 5552  FsDepends - ok
10:06:35.0431 5552  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:06:35.0433 5552  Fs_Rec - ok
10:06:35.0461 5552  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:06:35.0465 5552  fvevol - ok
10:06:35.0495 5552  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:06:35.0497 5552  gagp30kx - ok
10:06:35.0535 5552  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:06:35.0539 5552  GamesAppService - ok
10:06:35.0564 5552  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:06:35.0566 5552  GEARAspiWDM - ok
10:06:35.0608 5552  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:06:35.0619 5552  gpsvc - ok
10:06:35.0704 5552  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:06:35.0706 5552  gupdate - ok
10:06:35.0714 5552  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:06:35.0716 5552  gupdatem - ok
10:06:35.0751 5552  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:06:35.0754 5552  gusvc - ok
10:06:35.0784 5552  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:06:35.0786 5552  hcw85cir - ok
10:06:35.0823 5552  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:06:35.0828 5552  HdAudAddService - ok
10:06:35.0874 5552  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:06:35.0877 5552  HDAudBus - ok
10:06:35.0944 5552  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:06:35.0945 5552  HidBatt - ok
10:06:35.0985 5552  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:06:35.0988 5552  HidBth - ok
10:06:36.0012 5552  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:06:36.0014 5552  HidIr - ok
10:06:36.0071 5552  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:06:36.0073 5552  hidserv - ok
10:06:36.0107 5552  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:06:36.0108 5552  HidUsb - ok
10:06:36.0137 5552  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:06:36.0140 5552  hkmsvc - ok
10:06:36.0159 5552  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:06:36.0164 5552  HomeGroupListener - ok
10:06:36.0199 5552  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:06:36.0204 5552  HomeGroupProvider - ok
10:06:36.0290 5552  [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:06:36.0291 5552  HP Support Assistant Service - ok
10:06:36.0359 5552  [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:06:36.0364 5552  HPClientSvc - ok
10:06:36.0404 5552  [ 8EB0813B7760BBE161BACF8043322186 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:06:36.0407 5552  HPDrvMntSvc.exe - ok
10:06:36.0441 5552  [ 5298E3B4844328A11C9EB6C001CF0529 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:06:36.0449 5552  hpqwmiex - ok
10:06:36.0476 5552  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:06:36.0478 5552  HpSAMD - ok
10:06:36.0515 5552  [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:06:36.0517 5552  HPWMISVC - ok
10:06:36.0551 5552  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:06:36.0562 5552  HTTP - ok
10:06:36.0614 5552  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:06:36.0615 5552  hwpolicy - ok
10:06:36.0646 5552  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:06:36.0648 5552  i8042prt - ok
10:06:36.0689 5552  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
10:06:36.0693 5552  iaStor - ok
10:06:36.0740 5552  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
10:06:36.0741 5552  IAStorDataMgrSvc - ok
10:06:36.0776 5552  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:06:36.0782 5552  iaStorV - ok
10:06:36.0859 5552  [ D22D82D74FD1B6C77E7556DBDC3EA9D2 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
10:06:36.0940 5552  IconMan_R - ok
10:06:36.0976 5552  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:06:36.0986 5552  idsvc - ok
10:06:37.0247 5552  [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:06:37.0489 5552  igfx - ok
10:06:37.0510 5552  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:06:37.0511 5552  iirsp - ok
10:06:37.0548 5552  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:06:37.0558 5552  IKEEXT - ok
10:06:37.0583 5552  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
10:06:37.0587 5552  IntcDAud - ok
10:06:37.0598 5552  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:06:37.0600 5552  intelide - ok
10:06:37.0628 5552  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:06:37.0629 5552  intelppm - ok
10:06:37.0725 5552  [ 4C279F23F88E0854CE94731E55BF6E77 ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
10:06:37.0740 5552  ioloSystemService - ok
10:06:37.0767 5552  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:06:37.0769 5552  IPBusEnum - ok
10:06:37.0800 5552  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:06:37.0802 5552  IpFilterDriver - ok
10:06:37.0845 5552  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:06:37.0851 5552  iphlpsvc - ok
10:06:37.0867 5552  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:06:37.0869 5552  IPMIDRV - ok
10:06:37.0887 5552  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:06:37.0889 5552  IPNAT - ok
10:06:37.0974 5552  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:06:37.0982 5552  iPod Service - ok
10:06:38.0007 5552  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:06:38.0008 5552  IRENUM - ok
10:06:38.0029 5552  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:06:38.0030 5552  isapnp - ok
10:06:38.0056 5552  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:06:38.0059 5552  iScsiPrt - ok
10:06:38.0073 5552  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:06:38.0075 5552  kbdclass - ok
10:06:38.0085 5552  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:06:38.0086 5552  kbdhid - ok
10:06:38.0095 5552  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:06:38.0097 5552  KeyIso - ok
10:06:38.0122 5552  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:06:38.0124 5552  KSecDD - ok
10:06:38.0141 5552  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:06:38.0144 5552  KSecPkg - ok
10:06:38.0154 5552  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:06:38.0155 5552  ksthunk - ok
10:06:38.0184 5552  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:06:38.0190 5552  KtmRm - ok
10:06:38.0215 5552  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:06:38.0219 5552  LanmanServer - ok
10:06:38.0239 5552  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:06:38.0242 5552  LanmanWorkstation - ok
10:06:38.0337 5552  [ 3C7FCBBC35E0A52CE9B12E9CC4F5B991 ] LiveUpdate      C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:06:38.0363 5552  LiveUpdate - ok
10:06:38.0381 5552  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:06:38.0383 5552  lltdio - ok
10:06:38.0408 5552  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:06:38.0413 5552  lltdsvc - ok
10:06:38.0436 5552  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:06:38.0437 5552  lmhosts - ok
10:06:38.0466 5552  [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:06:38.0468 5552  LMS - ok
10:06:38.0488 5552  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:06:38.0490 5552  LSI_FC - ok
10:06:38.0517 5552  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:06:38.0519 5552  LSI_SAS - ok
10:06:38.0531 5552  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:06:38.0533 5552  LSI_SAS2 - ok
10:06:38.0556 5552  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:06:38.0560 5552  LSI_SCSI - ok
10:06:38.0577 5552  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:06:38.0579 5552  luafv - ok
10:06:38.0646 5552  [ 1F02B554DDC4086D786537A3BF6488F1 ] lxecCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
10:06:38.0648 5552  lxecCATSCustConnectService - ok
10:06:38.0656 5552  lxec_device - ok
10:06:38.0708 5552  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:06:38.0709 5552  MBAMProtector - ok
10:06:38.0753 5552  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:06:38.0759 5552  MBAMScheduler - ok
10:06:38.0794 5552  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:06:38.0802 5552  MBAMService - ok
10:06:38.0826 5552  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:06:38.0829 5552  Mcx2Svc - ok
10:06:38.0855 5552  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:06:38.0860 5552  megasas - ok
10:06:38.0892 5552  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:06:38.0897 5552  MegaSR - ok
10:06:38.0932 5552  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:06:38.0935 5552  MEIx64 - ok
10:06:38.0959 5552  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:06:38.0962 5552  MMCSS - ok
10:06:39.0002 5552  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:06:39.0003 5552  Modem - ok
10:06:39.0017 5552  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:06:39.0019 5552  monitor - ok
10:06:39.0034 5552  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:06:39.0036 5552  mouclass - ok
10:06:39.0047 5552  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:06:39.0048 5552  mouhid - ok
10:06:39.0076 5552  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:06:39.0077 5552  mountmgr - ok
10:06:39.0141 5552  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:06:39.0143 5552  MozillaMaintenance - ok
10:06:39.0185 5552  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
10:06:39.0189 5552  MpFilter - ok
10:06:39.0221 5552  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:06:39.0224 5552  mpio - ok
10:06:39.0239 5552  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:06:39.0241 5552  mpsdrv - ok
10:06:39.0288 5552  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:06:39.0299 5552  MpsSvc - ok
10:06:39.0314 5552  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:06:39.0317 5552  MRxDAV - ok
10:06:39.0352 5552  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:06:39.0355 5552  mrxsmb - ok
10:06:39.0382 5552  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:06:39.0387 5552  mrxsmb10 - ok
10:06:39.0395 5552  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:06:39.0397 5552  mrxsmb20 - ok
10:06:39.0423 5552  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:06:39.0425 5552  msahci - ok
10:06:39.0487 5552  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:06:39.0490 5552  msdsm - ok
10:06:39.0515 5552  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:06:39.0519 5552  MSDTC - ok
10:06:39.0555 5552  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:06:39.0557 5552  Msfs - ok
10:06:39.0578 5552  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:06:39.0579 5552  mshidkmdf - ok
10:06:39.0602 5552  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:06:39.0604 5552  msisadrv - ok
10:06:39.0643 5552  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:06:39.0647 5552  MSiSCSI - ok
10:06:39.0655 5552  msiserver - ok
10:06:39.0668 5552  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:06:39.0670 5552  MSKSSRV - ok
10:06:39.0736 5552  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:06:39.0736 5552  MsMpSvc - ok
10:06:39.0755 5552  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:06:39.0756 5552  MSPCLOCK - ok
10:06:39.0802 5552  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:06:39.0804 5552  MSPQM - ok
10:06:39.0827 5552  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:06:39.0835 5552  MsRPC - ok
10:06:39.0894 5552  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:06:39.0895 5552  mssmbios - ok
10:06:39.0943 5552  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:06:39.0944 5552  MSTEE - ok
10:06:39.0993 5552  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:06:39.0995 5552  MTConfig - ok
10:06:40.0013 5552  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:06:40.0015 5552  Mup - ok
10:06:40.0057 5552  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:06:40.0063 5552  napagent - ok
10:06:40.0082 5552  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:06:40.0087 5552  NativeWifiP - ok
10:06:40.0133 5552  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:06:40.0143 5552  NDIS - ok
10:06:40.0172 5552  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:06:40.0173 5552  NdisCap - ok
10:06:40.0187 5552  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:06:40.0188 5552  NdisTapi - ok
10:06:40.0202 5552  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:06:40.0203 5552  Ndisuio - ok
10:06:40.0224 5552  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:06:40.0226 5552  NdisWan - ok
10:06:40.0245 5552  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:06:40.0247 5552  NDProxy - ok
10:06:40.0259 5552  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:06:40.0261 5552  NetBIOS - ok
10:06:40.0279 5552  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:06:40.0282 5552  NetBT - ok
10:06:40.0295 5552  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:06:40.0297 5552  Netlogon - ok
10:06:40.0332 5552  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:06:40.0338 5552  Netman - ok
10:06:40.0376 5552  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:06:40.0379 5552  NetMsmqActivator - ok
10:06:40.0389 5552  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:06:40.0391 5552  NetPipeActivator - ok
10:06:40.0417 5552  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:06:40.0423 5552  netprofm - ok
10:06:40.0579 5552  [ 31609B481CC202BFB441E37FEBCDEA05 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
10:06:40.0601 5552  netr28x - ok
10:06:40.0620 5552  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:06:40.0622 5552  NetTcpActivator - ok
10:06:40.0628 5552  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:06:40.0630 5552  NetTcpPortSharing - ok
10:06:40.0664 5552  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:06:40.0666 5552  nfrd960 - ok
10:06:40.0679 5552  Scan interrupted by user!
10:06:40.0679 5552  ================ Scan global ===============================
10:06:40.0679 5552  Scan interrupted by user!
10:06:40.0679 5552  ================ Scan MBR ==================================
10:06:40.0679 5552  Scan interrupted by user!
10:06:40.0679 5552  ================ Scan VBR ==================================
10:06:40.0679 5552  Scan interrupted by user!
10:06:40.0679 5552  ============================================================
10:06:40.0679 5552  Scan finished
10:06:40.0679 5552  ============================================================
10:06:40.0690 8072  Detected object count: 0
10:06:40.0690 8072  Actual detected object count: 0
10:06:50.0195 6280  Deinitialize success
 
asuMBR Log
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-16 10:32:14
-----------------------------
10:32:14.544    OS Version: Windows x64 6.1.7601 Service Pack 1
10:32:14.544    Number of processors: 2 586 0x2A07
10:32:14.545    ComputerName: DANIEL-HP  UserName: Daniel
10:32:15.574    Initialize success
10:42:15.666    AVAST engine defs: 13031600
10:42:46.567    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:42:46.572    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
10:42:46.588    Disk 0 MBR read successfully
10:42:46.593    Disk 0 MBR scan
10:42:46.603    Disk 0 Windows 7 default MBR code
10:42:46.618    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
10:42:46.639    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       457020 MB offset 409600
10:42:46.671    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15656 MB offset 936386560
10:42:46.694    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     4063 MB offset 968450048
10:42:46.747    Disk 0 scanning C:\Windows\system32\drivers
10:42:57.257    Service scanning
10:43:32.567    Modules scanning
10:43:32.569    Disk 0 trace - called modules:
10:43:32.589    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
10:43:32.591    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007183060]
10:43:32.592    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049e3050]
10:43:34.365    AVAST engine scan C:\Windows
10:43:38.722    AVAST engine scan C:\Windows\system32
10:46:34.905    AVAST engine scan C:\Windows\system32\drivers
10:46:48.995    AVAST engine scan C:\Users\Daniel
10:51:32.933    File: C:\Users\Daniel\AppData\LocalLow\Playbryte\Assemblies\1\BrowserObjects.dll  **INFECTED** MSIL:BHO-A [Trj]
10:51:32.963    File: C:\Users\Daniel\AppData\LocalLow\Playbryte\Assemblies\1\Inline.dll  **INFECTED** MSIL:BHO-B [Trj]
10:52:42.941    AVAST engine scan C:\ProgramData
10:54:31.784    Scan finished successfully
10:54:56.584    Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
10:54:56.591    The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"
 
ESET Scan Log
 
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application
C:\Downloads_042212\dvdburning_1289.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Daniel\AppData\Local\RivalGaming\RivalGaming.dll probably a variant of Win32/Adware.Gamevance.DB application cleaned by deleting - quarantined
C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll a variant of Win32/Adware.Gamevance.CZ application cleaned by deleting - quarantined
C:\Users\Daniel\VideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\Daniel\VideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.X application cleaned by deleting - quarantined
E:\DANIEL-HP\Backup Set 2012-12-30 123738\Backup Files 2012-12-30 123738\Backup files 1.zip a variant of Win32/Adware.Gamevance.CZ application deleted - quarantined
E:\DANIEL-HP\Backup Set 2012-12-30 123738\Backup Files 2012-12-30 123738\Backup files 3.zip multiple threats deleted - quarantined
 


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:57 AM

Posted 17 March 2013 - 06:57 PM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on the it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tooll by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log



#8 Ninegauge

Ninegauge
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 18 March 2013 - 09:53 AM

Malwarebytes log
 
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.17.13
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-HP [administrator]
 
Protection: Enabled
 
3/17/2013 7:13:52 PM
mbam-log-2013-03-17 (19-13-52).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211338
Time elapsed: 2 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
MiniToolBox log
 
MiniToolBox by Farbar  Version:05-03-2013
Ran by Daniel (administrator) on 17-03-2013 at 20:39:30
Running from "C:\Users\Daniel\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Ralink RT5390 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Daniel-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.actdsltmp
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : domain.actdsltmp
   Description . . . . . . . . . . . : Ralink RT5390 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 38-59-F9-B9-E5-BB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bc1a:882f:742f:96e%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, March 17, 2013 9:56:40 AM
   Lease Expires . . . . . . . . . . : Sunday, March 24, 2013 6:49:50 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 322460153
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-00-92-4B-44-1E-A1-DE-6B-66
   DNS Servers . . . . . . . . . . . : 216.146.35.240
                                       216.146.36.240
                                       192.168.0.1
                                       205.171.3.25
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 44-1E-A1-DE-6B-66
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.domain.actdsltmp:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{05E49820-B9A0-495C-97D9-B08B3F2BEA7D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:cfb:3cc:bcff:fb64(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::cfb:3cc:bcff:fb64%14(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  sendori-rdns1.dyndns.com
Address:  216.146.35.240
 
Name:    google.com
Addresses:  2607:f8b0:4009:803::1001
 74.125.225.134
 74.125.225.129
 74.125.225.137
 74.125.225.130
 74.125.225.128
 74.125.225.142
 74.125.225.131
 74.125.225.135
 74.125.225.132
 74.125.225.136
 74.125.225.133
 
 
Pinging google.com [74.125.225.134] with 32 bytes of data:
Reply from 74.125.225.134: bytes=32 time=78ms TTL=57
Reply from 74.125.225.134: bytes=32 time=82ms TTL=57
 
Ping statistics for 74.125.225.134:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 82ms, Average = 80ms
Server:  sendori-rdns1.dyndns.com
Address:  216.146.35.240
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=465ms TTL=53
Reply from 98.139.183.24: bytes=32 time=395ms TTL=53
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 395ms, Maximum = 465ms, Average = 430ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=19ms TTL=64
Reply from 127.0.0.1: bytes=32 time=7ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 19ms, Average = 13ms
===========================================================================
Interface List
 13...38 59 f9 b9 e5 bb ......Ralink RT5390 802.11b/g/n WiFi Adapter
 11...44 1e a1 de 6b 66 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    281
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:4137:9e76:1435:2125:bcff:fb64/128
                                    On-link
 13    281 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::1435:2125:bcff:fb64/128
                                    On-link
 13    281 fe80::bc1a:882f:742f:96e/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
Farbar's Service Scanner log
 
Farbar Service Scanner Version: 03-03-2013
Ran by Daniel (administrator) on 17-03-2013 at 21:29:34
Running from "C:\Users\Daniel\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
AdwCleaner log
 
# AdwCleaner v2.115 - Logfile created 03/17/2013 at 21:31:09
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Daniel - DANIEL-HP
# Boot Mode : Normal
# Running from : C:\Users\Daniel\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : DefaultTabUpdate
 
***** [Files / Folders] *****
 
File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\fwlbf8kp.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\Playbryte
Folder Deleted : C:\Program Files (x86)\SavingsApp
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\GamesBar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Daniel\AppData\Local\Conduit
Folder Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Playbryte
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\WhiteSmoke_US_New
Folder Deleted : C:\Users\Daniel\AppData\Roaming\DefaultTab
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{462BE121-2B54-4218-BF00-B9BF8135B23F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{462BE121-2B54-4218-BF00-B9BF8135B23F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
 
Junkware Removal Tool
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on Sun 03/17/2013 at 21:42:12.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] televisionfanaticservice 
Successfully deleted: [Service] televisionfanaticservice 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\televisionfanatic browser plugin loader
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\televisionfanatic search scope monitor
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_current_user\software\aol toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\aol toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\firstsearch
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0696f815-a3a9-490a-bb14-9ec3350b1276}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{26d675ac-d925-4bbf-a720-62c2aa4a81eb}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{26d675ac-d925-4bbf-a720-62c2aa4a81eb}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{36377dd7-b3eb-42f5-986f-680baf59ba9d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e5c2a1fe-86db-87b4-11f0-1aa2579e81dd}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e5c2a1fe-86db-87b4-11f0-1aa2579e81dd}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} 
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} 
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Daniel\AppData\LocalLow\FCTB000100815
Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\smart pc cleaner"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\local\aol toolbar"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\local\rivalgaming"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\televisionfanatic"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
Successfully deleted: [Folder] "C:\Program Files (x86)\savevalet"
Successfully deleted: [Folder] "C:\Program Files (x86)\smart pc cleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\speeditup free"
Successfully deleted: [Folder] "C:\Program Files (x86)\televisionfanatic"
Successfully deleted: [Folder] "C:\Program Files (x86)\televisionfanaticei"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\fwlbf8kp.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\64ffxtbr@televisionfanatic.com
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\fwlbf8kp.default\minidumps [8 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/17/2013 at 21:52:17.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Rkill Log
Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/18/2013 09:42:25 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Daniel\Desktop\rkill\rkill-03-18-2013-09-42-28.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/18/2013 09:42:39 AM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
 
Autoruns log
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "EzPrint" "" "" "c:\program files (x86)\lexmark pro800-pro900 series\ezprint.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "lxecmon.exe" "Printer Device Monitor" "" "c:\program files (x86)\lexmark pro800-pro900 series\lxecmon.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SetDefault" "SetDefault" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp launchbox\setdefault.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "HP Quick Launch" "HP Message Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe"
+ "HPOSD" "HP On Screen Display" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe"
+ "HPQuickWebProxy" "HP QuickWeb Utilities" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp quickweb\hpqwutils.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Performance Center" "Ascentive Performance Center" "Ascentive" "c:\program files (x86)\ascentive\performance center\apcmain.exe"
+ "SDTray" "Spybot - Search & Destroy tray access" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdtray.exe"
+ "Sendori Tray" "Sendori Notification Icon" "Sendori, Inc." "c:\program files (x86)\sendori\sendoritray.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "fliptoast.lnk" "" "" "c:\program files (x86)\fliptoast\fliptoast.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\daniel\appdata\local\google\update\googleupdate.exe"
+ "Spybot-S&D Cleaning" "Search results cleaner" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdcleaner.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "Weather" "" "AWS Convergence Technologies, Inc." "c:\program files (x86)\aws\weatherbug\weather.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "Incinerator" "iolo Incinerator ®" "iolo technologies, LLC" "c:\windows\system32\incinerator64.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll"
+ "SDECon64" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Incinerator" "iolo Incinerator ®" "iolo technologies, LLC" "c:\windows\syswow64\incinerator32.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll"
+ "SDECon64" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "Incinerator" "iolo Incinerator ®" "iolo technologies, LLC" "c:\windows\system32\incinerator64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Incinerator" "iolo Incinerator ®" "iolo technologies, LLC" "c:\windows\syswow64\incinerator32.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll"
+ "SDECon64" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll"
+ "SDECon64" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "GamesBarBHO Class" "" "" "File not found: C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files (x86)\yahoo!\companion\installs\cpn0\ytsingleinstance.dll"
+ "Spybot-S&D IE Protection" "Blocks URLs that could install spyware, malware etc." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Add to Evernote 4" "" "" "File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204"
+ "Spybot - Search && Destroy Configuration" "Blocks URLs that could install spyware, malware etc." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2286661717-2778223920-3614335701-1000Core" "Google Installer" "Google Inc." "c:\users\daniel\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2286661717-2778223920-3614335701-1000UA" "Google Installer" "Google Inc." "c:\users\daniel\appdata\local\google\update\googleupdate.exe"
+ "\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpsfmessenger\hpsfmsgr.exe"
+ "\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" "HPTuneUp" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hptuneup.exe"
+ "\Hewlett-Packard\HP Support Assistant\PC Health Analysis" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe"
+ "\Hewlett-Packard\HP Support Assistant\PC Tuneup" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe"
+ "\Hewlett-Packard\HP Support Assistant\Update Check" "HP Support Assistant Updater" "Hewlett-Packard" "c:\programdata\hewlett-packard\hp support framework\resources\updater\hpsfupdater.exe"
+ "\HPCeeScheduleForDaniel" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\HPCeeScheduleForDANIEL-HP$" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files (x86)\cyberlink\youcam\ycmmirage.exe"
+ "\PC Optimizer Pro Updates" "" "" "File not found: C:\Program Files\PC Optimizer Pro\StartApps.exe"
+ "\PC Optimizer Pro64 startups" "" "" "File not found: C:\Program Files\PC Optimizer Pro\StartApps.exe"
+ "\RGames Updater" "" "" "File not found: C:\Users\Daniel\AppData\Local\RivalGaming\Updater.exe"
+ "\Safer-Networking\Spybot - Search and Destroy\Check for updates" "Update" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe"
+ "\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" "Pro-active browser protection" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdimmunize.exe"
+ "\Safer-Networking\Spybot - Search and Destroy\Scan the system" "Malware Scanner" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdscan.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Application Sendori" "Sets and maintains Sendori protection on this computer." "Sendori, Inc." "c:\program files (x86)\sendori\sendorisvc.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bbsvc.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files (x86)\wildtangent games\app\gamesappservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe"
+ "HPClientSvc" "HP Client Services" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp client services\hpclientservices.exe"
+ "HPDrvMntSvc.exe" "HP Quick Synchronization Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe"
+ "hpqwmiex" "HP Software Framework WMI Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "IconMan_R" "Realtek Card Reader Icon Tool." "Realsil Microelectronics Inc." "c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe"
+ "ioloSystemService" "iolo System component" "iolo technologies, LLC" "c:\program files (x86)\iolo\common\lib\ioloservicemanager.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files (x86)\symantec\liveupdate\lucomserver_3_2.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "lxec_device" "Printer Communication System" " " "c:\windows\system32\lxeccoms.exe"
+ "lxecCATSCustConnectService" "Lexmark Connect Service Executable" "Lexmark International, Inc." "c:\windows\system32\spool\drivers\x64\3\lxecserv.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "NWVZHelper" "NWHelper Module" "Novatel Wireless Inc." "c:\program files (x86)\novatel wireless\verizon\drivers\nwhelper_001.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RoxioNow Service" "Windows Service App" "Roxio" "c:\program files (x86)\roxio\roxionow player\rnowsvc.exe"
+ "SDScannerService" "Offers malware scanning services to Spybot-S&D modules." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe"
+ "SDUpdateService" "Downloads Spybot updates and installs them." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe"
+ "SDWSCService" "Integrates Spybot into the Windows Security Center." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files (x86)\microsoft\bingbar\seaport.exe"
+ "Service Sendori" "Service Sendori." "sendori" "c:\program files (x86)\sendori\sendori.service.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "sndappv2" "Sets and maintains sndappv2 LSP protection on this computer." "Sendori" "c:\program files (x86)\sendori\sndappv2.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv64.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "ElRawDisk" "RawDisk Driver. Allows write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008." "EldoS Corporation" "c:\windows\system32\drivers\elrawdsk.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "netr28x" "Ralink 802.11 Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr28x.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NVENETFD" "NVIDIA MCP Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvm62x64.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "NWADI" "NWADI Interface Bus Enumerator" "Novatel Wireless Inc" "c:\windows\system32\drivers\nwadienum.sys"
+ "NWUSBCDFIL64" "Novatel Wireless USB CD Filter Driver" "Novatel Wireless Inc." "c:\windows\system32\drivers\nwusbcdfil64.sys"
+ "NWUSBModem_000" "Novatel Wireless USB Modem/Serial Device Driver" "Novatel Wireless Inc." "c:\windows\system32\drivers\nwusbmdm_000.sys"
+ "NWUSBPort2_000" "Novatel Wireless USB Modem/Serial Device Driver" "Novatel Wireless Inc." "c:\windows\system32\drivers\nwusbser2_000.sys"
+ "NWUSBPort_000" "Novatel Wireless USB Modem/Serial Device Driver" "Novatel Wireless Inc." "c:\windows\system32\drivers\nwusbser_000.sys"
+ "PDFsFilter" "Raxco File System Minifilter Driver" "Raxco Software, Inc." "c:\windows\system32\drivers\pdfsfilter.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSPCIESTOR" "Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtspstor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "SendoriLSP" "" "" "File not found: C:\Windows\system32\Sendori.dll"
+ "SendoriLSP over [MSAFD Tcpip [TCP/IP]]" "" "" "File not found: C:\Windows\system32\Sendori.dll"
+ "SendoriLSP over [MSAFD Tcpip [TCP/IPv6]]" "" "" "File not found: C:\Windows\system32\Sendori.dll"
+ "SendoriLSP over [MSAFD Tcpip [UDP/IP]]" "" "" "File not found: C:\Windows\system32\Sendori.dll"
+ "SendoriLSP over [MSAFD Tcpip [UDP/IPv6]]" "" "" "File not found: C:\Windows\system32\Sendori.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PDFCreator" "" "" "c:\windows\system32\pdfcmnnt.dll"
+ "Pro800-Pro900 Series Port" "Printer Communication System" " " "c:\windows\system32\lxeclmpm.dll"
 
 
 


#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:57 AM

Posted 18 March 2013 - 09:58 AM

Go to control panel-add or remove programs and uninstall

 

Sendori

 

Restart the PC and let me know the current issues



#10 Ninegauge

Ninegauge
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 18 March 2013 - 06:57 PM

Things seem to be running normally now. 



#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:57 AM

Posted 18 March 2013 - 06:58 PM


That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



#12 Ninegauge

Ninegauge
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 18 March 2013 - 07:28 PM

Thank you so very much for your help!!! 



#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:57 AM

Posted 18 March 2013 - 07:35 PM

:welcome:






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users