smart HDD virus infection, malwarebytes PRO not removing it

jeanbean · April 22, 2012

I have read the other posts on this nasty virus and have not been able to remove the virus. I have Malwarebytes PRO installed and updated, it scans, detects 8 items, but the same virus keeps popping up after I reboot. What am I doing wrong?

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 1/7/2009 10:43:41 PM

System Uptime: 4/22/2012 1:34:39 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0NX907

Processor: Intel Pentium II processor | Microprocessor | 1861/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 71 GiB total, 36.898 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Modem Device on High Definition Audio Bus

Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&CE4CBCD&0&0102

Manufacturer:

Name: Modem Device on High Definition Audio Bus

PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&CE4CBCD&0&0102

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Ethernet Controller

Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02\4&28D6DE3B&0&00F0

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02\4&28D6DE3B&0&00F0

Service:

.

==== System Restore Points ===================

.

RP836: 1/24/2012 10:43:21 AM - System Checkpoint

RP837: 1/25/2012 10:56:51 AM - System Checkpoint

RP838: 1/26/2012 11:44:25 AM - System Checkpoint

RP839: 1/27/2012 12:43:21 PM - System Checkpoint

RP840: 1/28/2012 1:43:20 PM - System Checkpoint

RP841: 1/29/2012 2:46:20 PM - System Checkpoint

RP842: 1/30/2012 3:43:16 PM - System Checkpoint

RP843: 1/31/2012 4:57:18 PM - System Checkpoint

RP844: 2/1/2012 5:38:16 PM - System Checkpoint

RP845: 2/2/2012 5:50:29 PM - System Checkpoint

RP846: 2/3/2012 6:44:24 PM - System Checkpoint

RP847: 2/4/2012 7:43:19 PM - System Checkpoint

RP848: 2/5/2012 8:43:19 PM - System Checkpoint

RP849: 2/6/2012 9:43:24 PM - System Checkpoint

RP850: 2/7/2012 5:00:27 PM - Software Distribution Service 3.0

RP851: 2/8/2012 5:06:41 PM - System Checkpoint

RP852: 2/9/2012 5:43:24 PM - System Checkpoint

RP853: 2/10/2012 6:19:10 PM - System Checkpoint

RP854: 2/11/2012 7:19:11 PM - System Checkpoint

RP855: 2/12/2012 8:19:12 PM - System Checkpoint

RP856: 2/13/2012 9:19:11 PM - System Checkpoint

RP857: 2/14/2012 10:19:10 PM - System Checkpoint

RP858: 2/15/2012 11:19:12 PM - System Checkpoint

RP859: 2/16/2012 5:00:31 PM - Software Distribution Service 3.0

RP860: 2/17/2012 5:33:07 PM - System Checkpoint

RP861: 2/18/2012 6:01:36 PM - System Checkpoint

RP862: 2/19/2012 7:02:41 PM - System Checkpoint

RP863: 2/20/2012 8:01:35 PM - System Checkpoint

RP864: 2/21/2012 8:04:57 PM - System Checkpoint

RP865: 2/22/2012 9:05:02 PM - System Checkpoint

RP866: 2/23/2012 10:04:57 PM - System Checkpoint

RP867: 2/25/2012 8:06:04 AM - System Checkpoint

RP868: 2/26/2012 9:04:58 AM - System Checkpoint

RP869: 2/27/2012 10:04:58 AM - System Checkpoint

RP870: 2/28/2012 10:06:04 AM - System Checkpoint

RP871: 2/29/2012 11:06:02 AM - System Checkpoint

RP872: 3/1/2012 12:04:58 PM - System Checkpoint

RP873: 3/2/2012 12:06:03 PM - System Checkpoint

RP874: 3/3/2012 12:26:53 PM - System Checkpoint

RP875: 3/4/2012 3:37:01 PM - System Checkpoint

RP876: 3/5/2012 3:39:42 PM - System Checkpoint

RP877: 3/6/2012 4:39:41 PM - System Checkpoint

RP878: 3/7/2012 4:40:48 PM - System Checkpoint

RP879: 3/8/2012 8:02:45 PM - System Checkpoint

RP880: 3/9/2012 9:55:13 PM - System Checkpoint

RP881: 3/11/2012 10:08:46 AM - System Checkpoint

RP882: 3/12/2012 7:06:27 PM - System Checkpoint

RP883: 3/14/2012 2:46:33 AM - System Checkpoint

RP884: 3/14/2012 5:00:26 PM - Software Distribution Service 3.0

RP885: 3/15/2012 8:11:54 PM - System Checkpoint

RP886: 3/16/2012 8:13:25 PM - System Checkpoint

RP887: 3/18/2012 7:34:58 AM - System Checkpoint

RP888: 3/19/2012 8:25:16 AM - System Checkpoint

RP889: 3/20/2012 8:41:58 AM - System Checkpoint

RP890: 3/21/2012 9:00:56 AM - System Checkpoint

RP891: 3/22/2012 9:13:17 AM - System Checkpoint

RP892: 3/23/2012 9:59:50 AM - System Checkpoint

RP893: 3/24/2012 10:59:51 AM - System Checkpoint

RP894: 3/25/2012 11:59:49 AM - System Checkpoint

RP895: 3/26/2012 2:22:09 PM - System Checkpoint

RP896: 3/27/2012 2:29:01 PM - System Checkpoint

RP897: 3/28/2012 2:30:04 PM - System Checkpoint

RP898: 3/29/2012 3:28:58 PM - System Checkpoint

RP899: 3/30/2012 4:04:16 PM - System Checkpoint

RP900: 3/31/2012 5:22:52 PM - System Checkpoint

RP901: 4/1/2012 5:54:54 PM - System Checkpoint

RP902: 4/2/2012 6:05:12 PM - System Checkpoint

RP903: 4/3/2012 6:54:55 PM - System Checkpoint

RP904: 4/4/2012 7:54:49 PM - System Checkpoint

RP905: 4/5/2012 8:18:36 PM - System Checkpoint

RP906: 4/6/2012 8:38:02 PM - System Checkpoint

RP907: 4/7/2012 9:38:00 PM - System Checkpoint

RP908: 4/9/2012 10:34:14 AM - System Checkpoint

RP909: 4/10/2012 10:38:01 AM - System Checkpoint

RP910: 4/11/2012 11:38:01 AM - System Checkpoint

RP911: 4/12/2012 1:35:19 PM - System Checkpoint

RP912: 4/12/2012 5:00:32 PM - Software Distribution Service 3.0

RP913: 4/13/2012 5:33:49 PM - System Checkpoint

RP914: 4/14/2012 6:23:53 PM - System Checkpoint

RP915: 4/15/2012 6:34:52 PM - System Checkpoint

RP916: 4/16/2012 10:26:38 PM - System Checkpoint

RP917: 4/17/2012 10:33:47 PM - System Checkpoint

RP918: 4/19/2012 12:17:05 AM - System Checkpoint

RP919: 4/20/2012 12:40:08 AM - System Checkpoint

RP920: 4/21/2012 1:33:50 AM - System Checkpoint

RP921: 4/22/2012 10:03:12 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 7.0.5

Adobe Shockwave Player 11.5

Aloha TriPeaks

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Big Fish Games: Game Manager

BlackBerry App World Browser Plugin

BlackBerry Desktop Software 4.5

Bonjour

Click to Call with Skype

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

CutePDF Writer 2.8

Dell Resource CD

Dell Wireless WLAN Card Utility

Digital Photo Navigator 1.5

EasyBits GO

Everio MediaBrowser

Facebook Plug-In

Google Updater

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

iTunes

KhalInstallWrapper

LG United Mobile Drivers

LimeWire 5.2.13

Luxor 2

Malwarebytes Anti-Malware version 1.60.1.1000

McAfee Security Scan Plus

mCore

mDriver

mDrWiFi

MediaDirect

mHlpDell

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft DirectX 9.0 SDK Update (August 2005)

Microsoft Office File Validation Add-In

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Small Business Edition 2003

Microsoft Office Word 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.5

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft WinUsb 1.0

Microsoft Works

mIWA

mLogView

mMHouse

MobileMe Control Panel

Move Media Player

Mozilla Firefox 11.0 (x86 en-US)

MP3 Player Utilities 4.18

mPfMgr

mPfWiz

mProSafe

mSCfg

MSN

mSSO

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

mWlsSafe

mWMI

mZConfig

NVIDIA Drivers

OutlookAddinSetup

QuickSet

QuickTime

Roxio Media Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

SigmaTel Audio

Skype™ 5.5

StreamTorrent 1.0

TimeLeft

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

vGrabber

WebFldrs XP

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Format Runtime

Windows XP Service Pack 3

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

4/22/2012 7:42:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm

4/22/2012 7:41:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/22/2012 7:17:25 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

4/21/2012 7:08:43 PM, error: RemoteAccess [20106] - Unable to add the interface {E5B8C49F-9672-43D5-B364-64CB88009925} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

4/21/2012 7:08:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

4/21/2012 5:46:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Tasha Jacobs at 13:48:15 on 2012-04-22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.316 [GMT -4:00]

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe

C:\WINDOWS\system32\attrib.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg

uInternet Settings,ProxyServer = www.msn.com:80

uInternet Settings,ProxyOverride = <local>;*.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] "c:\program files\sigmatel\c-major audio\wdm\stsystra.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [bYR_AGENT] c:\documents and settings\all users\application data\lgmobileax\byr_client\VZWNotiAgent.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [cdEaqoYrltbao.exe] c:\documents and settings\all users\application data\cdEaqoYrltbao.exe

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\tashaj~1\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-explorer: NoDesktop = 1 (0x1)

IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {21196042-830F-419f-A594-F9D456A6C29A} - {21196042-830F-419f-A594-F9D456A6C29A} c:\program files\timeleft3\tlintergie.html - c:\program files\timeleft3\tlintergie.html\inprocserver32 does not exist!

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BCA1C17E-D9C5-41BC-AA1A-26B4C59602F6} : DhcpNameServer = 24.89.0.22 24.89.0.21

TCP: Interfaces\{F5CA31D2-61BB-4F45-8967-BFF155A0C9FD} : DhcpNameServer = 192.168.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\tasha jacobs\application data\mozilla\firefox\profiles\8rbfrwzu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - My Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg&ind=2011080615&ptnrS=RGxdm186YYUS&si=&n=77dea7a7&psa=&st=kwd&searchfor=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\tasha jacobs\application data\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\tasha jacobs\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\tasha jacobs\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\tasha jacobs\application data\mozilla\firefox\profiles\8rbfrwzu.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll

.

============= SERVICES / DRIVERS ===============

.

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-22 22344]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-22 32072]

.

=============== Created Last 30 ================

.

2012-04-22 17:01:17 221184 ---ha-w- c:\documents and settings\all users\application data\d3cgLnuZ83xxGd.exe

2012-04-22 12:30:50 32072 ---ha-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-22 10:58:55 515330 ---ha-w- c:\windows\system32\PerfStringBackup.TMP

2012-04-21 21:09:08 300032 ---ha-w- c:\documents and settings\all users\application data\cdEaqoYrltbao.exe

2012-04-20 21:50:50 -------- d--h--w- c:\documents and settings\tasha jacobs\application data\StreamTorrent

2012-04-20 21:50:49 -------- d--h--w- c:\program files\StreamTorrent 1.0

2012-04-05 18:01:02 -------- d--h--w- c:\program files\v-Grabber

.

==================== Find3M ====================

.

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01:32 916992 ---ha-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ---ha-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ---ha-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ---ha-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ---ha-w- c:\windows\system32\html.iec

2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys

.

============= FINISH: 13:54:13.67 ===============

MrCharlie · April 22, 2012

Welcome to the forum

------->Logs will be closed if you haven't replied within 3 days!<--------

From your DDS scan these are showing and malware related:

C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe

C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe

See if you can delete them......

You'll have to enable hidden files to see them:

http://www.howtogeek...-folders-in-xp/

[*]You may be able to use Malwarebytes FileASSASSIN to delete them.

Just open up MB and choose More Tools > Click run tool

Copy and paste these in one at a time in the "file name" and click open

C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe

C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe

It will ask to reboot > say no

Repeat the process for the next one > now reboot.

---------------------------------

See if following this guide works.

especially RogueKiller..........

See if you can run RogueKiller......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

Let me know........MrC

jeanbean · April 22, 2012

I'm unable to open Malwarebytes anymore. I did it before, in a round about way, but I can't seem to do it again. I keep getting a "run time error 5".

I did the rougekiller and here is the report...

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Tasha Jacobs [Admin rights]

Mode: Scan -- Date: 04/22/2012 17:00:12

¤¤¤ Bad processes: 3 ¤¤¤

[WINDOW : SMART HDD] d3cgLnuZ83xxGd.exe -- C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe -> KILLED [TermProc]

[sUSP PATH] VZWNotiAgent.exe -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe -> KILLED [TermProc]

[sUSP PATH] cdEaqoYrltbao.exe -- C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 19 ¤¤¤

[sUSP PATH] HKLM\[...]\Run : BYR_AGENT (C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND

[sUSP PATH] HKLM\[...]\Run : cdEaqoYrltbao.exe (C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (www.msn.com:80) -> FOUND

[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND

[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BEVS-75RST0 +++++

--- User ---

[MBR] dbd76fe17ce7d74b2edb945fb90cc3ff

[bSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 73194 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 149998905 | Size: 3074 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrCharlie · April 22, 2012

Great!

Run RogueKiller again and click scan > when the scan completes

Click on the Bad processes tab and put a check next to these and then uncheck the rest.

Now click Delete in the right hand column.

¤¤¤ Bad processes: 3 ¤¤¤
[WINDOW : SMART HDD] d3cgLnuZ83xxGd.exe -- C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe -> KILLED [TermProc]
[sUSP PATH] cdEaqoYrltbao.exe -- C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe -> KILLED [TermProc]

Do the same for Registry Entries:

¤¤¤ Registry Entries: 19 ¤¤¤
[sUSP PATH] HKLM\[...]\Run : cdEaqoYrltbao.exe (C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe) -> FOUND

Let me know if you can run MB, MrC

jeanbean · April 22, 2012

Progress! I managed to get things almost back to normal. I redid the rougekiller program and deleted the one file from the registry that you suggested. Here is the report.

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Tasha Jacobs [Admin rights]

Mode: Scan -- Date: 04/22/2012 19:19:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] HKLM\[...]\Run : BYR_AGENT (C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (www.msn.com:80) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BEVS-75RST0 +++++

--- User ---

[MBR] dbd76fe17ce7d74b2edb945fb90cc3ff

[bSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 73194 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 149998905 | Size: 3074 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

MrCharlie · April 22, 2012

Great

Can you Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC

jeanbean · April 22, 2012

Yes, it worked! THANK YOU!!!!!

Here is the report...

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.22.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Tasha Jacobs :: SCHOOL-929EE6B6 [administrator]

Protection: Disabled

4/22/2012 7:46:35 PM

mbam-log-2012-04-22 (19-46-35).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 208921

Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MrCharlie · April 23, 2012

OK, the absence of symptoms doesn't mean you're necessarily clean.

I want to run two more programs to see if there's any other malware on the system.

------------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

jeanbean · April 23, 2012

Ok. Here is the report...

20:02:35.0343 3004 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47

20:02:36.0203 3004 ============================================================

20:02:36.0203 3004 Current date / time: 2012/04/22 20:02:36.0203

20:02:36.0203 3004 SystemInfo:

20:02:36.0203 3004

20:02:36.0203 3004 OS Version: 5.1.2600 ServicePack: 3.0

20:02:36.0203 3004 Product type: Workstation

20:02:36.0203 3004 ComputerName: SCHOOL-929EE6B6

20:02:36.0203 3004 UserName: Tasha Jacobs

20:02:36.0203 3004 Windows directory: C:\WINDOWS

20:02:36.0203 3004 System windows directory: C:\WINDOWS

20:02:36.0203 3004 Processor architecture: Intel x86

20:02:36.0203 3004 Number of processors: 1

20:02:36.0203 3004 Page size: 0x1000

20:02:36.0203 3004 Boot type: Normal boot

20:02:36.0203 3004 ============================================================

20:02:40.0125 3004 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:02:40.0125 3004 \Device\Harddisk0\DR0:

20:02:40.0125 3004 MBR partitions:

20:02:40.0125 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8EF54B3

20:02:40.0250 3004 C: <-> \Device\Harddisk0\DR0\Partition0

20:02:40.0250 3004 Initialize success

20:02:40.0250 3004 ============================================================

20:03:13.0281 2112 ============================================================

20:03:13.0281 2112 Scan started

20:03:13.0281 2112 Mode: Manual; SigCheck; TDLFS;

20:03:13.0281 2112 ============================================================

20:03:13.0546 2112 Abiosdsk - ok

20:03:13.0593 2112 abp480n5 - ok

20:03:13.0640 2112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:03:15.0734 2112 ACPI - ok

20:03:15.0843 2112 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:03:16.0000 2112 ACPIEC - ok

20:03:16.0031 2112 adpu160m - ok

20:03:16.0078 2112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:03:16.0218 2112 aec - ok

20:03:16.0281 2112 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys

20:03:16.0296 2112 AegisP ( UnsignedFile.Multi.Generic ) - warning

20:03:16.0296 2112 AegisP - detected UnsignedFile.Multi.Generic (1)

20:03:16.0359 2112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:03:16.0453 2112 AFD - ok

20:03:16.0468 2112 Aha154x - ok

20:03:16.0468 2112 aic78u2 - ok

20:03:16.0500 2112 aic78xx - ok

20:03:16.0546 2112 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

20:03:16.0656 2112 Alerter - ok

20:03:16.0671 2112 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

20:03:16.0796 2112 ALG - ok

20:03:16.0796 2112 AliIde - ok

20:03:16.0812 2112 amsint - ok

20:03:16.0875 2112 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

20:03:16.0890 2112 APPDRV ( UnsignedFile.Multi.Generic ) - warning

20:03:16.0890 2112 APPDRV - detected UnsignedFile.Multi.Generic (1)

20:03:17.0031 2112 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:03:17.0046 2112 Apple Mobile Device - ok

20:03:17.0062 2112 AppMgmt - ok

20:03:17.0109 2112 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:03:17.0218 2112 Arp1394 - ok

20:03:17.0234 2112 asc - ok

20:03:17.0250 2112 asc3350p - ok

20:03:17.0250 2112 asc3550 - ok

20:03:17.0359 2112 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

20:03:17.0375 2112 aspnet_state - ok

20:03:17.0406 2112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:03:17.0515 2112 AsyncMac - ok

20:03:17.0546 2112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:03:17.0671 2112 atapi - ok

20:03:17.0671 2112 Atdisk - ok

20:03:17.0734 2112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:03:17.0843 2112 Atmarpc - ok

20:03:17.0890 2112 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

20:03:18.0000 2112 AudioSrv - ok

20:03:18.0062 2112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:03:18.0187 2112 audstub - ok

20:03:18.0296 2112 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

20:03:18.0500 2112 BCM43XX - ok

20:03:18.0578 2112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:03:18.0718 2112 Beep - ok

20:03:18.0765 2112 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

20:03:18.0937 2112 BITS - ok

20:03:19.0078 2112 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

20:03:19.0093 2112 Bonjour Service - ok

20:03:19.0171 2112 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

20:03:19.0296 2112 Browser - ok

20:03:19.0328 2112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:03:19.0468 2112 cbidf2k - ok

20:03:19.0531 2112 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:03:19.0656 2112 CCDECODE - ok

20:03:19.0671 2112 cd20xrnt - ok

20:03:19.0734 2112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:03:19.0875 2112 Cdaudio - ok

20:03:19.0921 2112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:03:20.0046 2112 Cdfs - ok

20:03:20.0078 2112 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:03:20.0187 2112 Cdrom - ok

20:03:20.0250 2112 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

20:03:20.0281 2112 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

20:03:20.0281 2112 cercsr6 - detected UnsignedFile.Multi.Generic (1)

20:03:20.0296 2112 Changer - ok

20:03:20.0328 2112 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

20:03:20.0484 2112 CiSvc - ok

20:03:20.0515 2112 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

20:03:20.0609 2112 ClipSrv - ok

20:03:20.0734 2112 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:03:20.0750 2112 clr_optimization_v2.0.50727_32 - ok

20:03:20.0796 2112 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:03:20.0906 2112 CmBatt - ok

20:03:20.0921 2112 CmdIde - ok

20:03:20.0937 2112 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:03:21.0046 2112 Compbatt - ok

20:03:21.0062 2112 COMSysApp - ok

20:03:21.0093 2112 Cpqarray - ok

20:03:21.0140 2112 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

20:03:21.0250 2112 CryptSvc - ok

20:03:21.0265 2112 dac2w2k - ok

20:03:21.0281 2112 dac960nt - ok

20:03:21.0328 2112 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

20:03:21.0421 2112 DcomLaunch - ok

20:03:21.0484 2112 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

20:03:21.0609 2112 Dhcp - ok

20:03:21.0625 2112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:03:21.0734 2112 Disk - ok

20:03:21.0750 2112 dmadmin - ok

20:03:21.0812 2112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:03:21.0984 2112 dmboot - ok

20:03:22.0031 2112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:03:22.0140 2112 dmio - ok

20:03:22.0187 2112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:03:22.0328 2112 dmload - ok

20:03:22.0375 2112 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

20:03:22.0468 2112 dmserver - ok

20:03:22.0515 2112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:03:22.0625 2112 DMusic - ok

20:03:22.0671 2112 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

20:03:22.0781 2112 Dnscache - ok

20:03:22.0843 2112 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

20:03:22.0968 2112 Dot3svc - ok

20:03:22.0984 2112 dpti2o - ok

20:03:23.0046 2112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:03:23.0156 2112 drmkaud - ok

20:03:23.0203 2112 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

20:03:23.0312 2112 EapHost - ok

20:03:23.0375 2112 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

20:03:23.0484 2112 ERSvc - ok

20:03:23.0531 2112 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

20:03:23.0578 2112 Eventlog - ok

20:03:23.0625 2112 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

20:03:23.0656 2112 EventSystem - ok

20:03:23.0812 2112 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

20:03:23.0843 2112 EvtEng ( UnsignedFile.Multi.Generic ) - warning

20:03:23.0843 2112 EvtEng - detected UnsignedFile.Multi.Generic (1)

20:03:23.0921 2112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:03:24.0046 2112 Fastfat - ok

20:03:24.0078 2112 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:03:24.0156 2112 FastUserSwitchingCompatibility - ok

20:03:24.0203 2112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

20:03:24.0312 2112 Fdc - ok

20:03:24.0343 2112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:03:24.0468 2112 Fips - ok

20:03:24.0484 2112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

20:03:24.0593 2112 Flpydisk - ok

20:03:24.0625 2112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:03:24.0718 2112 FltMgr - ok

20:03:24.0843 2112 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:03:24.0859 2112 FontCache3.0.0.0 - ok

20:03:24.0890 2112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:03:25.0031 2112 Fs_Rec - ok

20:03:25.0140 2112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:03:25.0281 2112 Ftdisk - ok

20:03:25.0343 2112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:03:25.0359 2112 GEARAspiWDM - ok

20:03:25.0406 2112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:03:25.0515 2112 Gpc - ok

20:03:25.0625 2112 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

20:03:25.0640 2112 gusvc - ok

20:03:25.0687 2112 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:03:25.0796 2112 HDAudBus - ok

20:03:25.0859 2112 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:03:25.0968 2112 helpsvc - ok

20:03:25.0984 2112 HidServ - ok

20:03:26.0015 2112 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:03:26.0125 2112 HidUsb - ok

20:03:26.0187 2112 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

20:03:26.0281 2112 hkmsvc - ok

20:03:26.0296 2112 hpn - ok

20:03:26.0375 2112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:03:26.0421 2112 HTTP - ok

20:03:26.0468 2112 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

20:03:26.0578 2112 HTTPFilter - ok

20:03:26.0593 2112 i2omgmt - ok

20:03:26.0609 2112 i2omp - ok

20:03:26.0640 2112 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:03:26.0734 2112 i8042prt - ok

20:03:27.0015 2112 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

20:03:27.0468 2112 ialm - ok

20:03:27.0625 2112 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

20:03:27.0640 2112 IDriverT ( UnsignedFile.Multi.Generic ) - warning

20:03:27.0640 2112 IDriverT - detected UnsignedFile.Multi.Generic (1)

20:03:27.0750 2112 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:03:27.0843 2112 idsvc - ok

20:03:27.0906 2112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:03:28.0015 2112 Imapi - ok

20:03:28.0062 2112 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

20:03:28.0171 2112 ImapiService - ok

20:03:28.0187 2112 ini910u - ok

20:03:28.0203 2112 IntelIde - ok

20:03:28.0234 2112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:03:28.0328 2112 intelppm - ok

20:03:28.0390 2112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:03:28.0515 2112 Ip6Fw - ok

20:03:28.0578 2112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:03:28.0703 2112 IpFilterDriver - ok

20:03:28.0765 2112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:03:28.0890 2112 IpInIp - ok

20:03:28.0921 2112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:03:29.0031 2112 IpNat - ok

20:03:29.0156 2112 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe

20:03:29.0234 2112 iPod Service - ok

20:03:29.0281 2112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:03:29.0390 2112 IPSec - ok

20:03:29.0437 2112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:03:29.0562 2112 IRENUM - ok

20:03:29.0609 2112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:03:29.0718 2112 isapnp - ok

20:03:29.0734 2112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:03:29.0843 2112 Kbdclass - ok

20:03:29.0890 2112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:03:30.0000 2112 kmixer - ok

20:03:30.0031 2112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:03:30.0125 2112 KSecDD - ok

20:03:30.0156 2112 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

20:03:30.0234 2112 lanmanserver - ok

20:03:30.0296 2112 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

20:03:30.0343 2112 lanmanworkstation - ok

20:03:30.0359 2112 lbrtfdc - ok

20:03:30.0421 2112 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

20:03:30.0531 2112 LmHosts - ok

20:03:30.0578 2112 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys

20:03:30.0875 2112 mbamchameleon - ok

20:03:30.0937 2112 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

20:03:30.0953 2112 MBAMProtector - ok

20:03:31.0093 2112 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

20:03:31.0140 2112 MBAMService - ok

20:03:31.0218 2112 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

20:03:31.0234 2112 McComponentHostService - ok

20:03:31.0296 2112 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

20:03:31.0312 2112 MDM - ok

20:03:31.0406 2112 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

20:03:31.0531 2112 Messenger - ok

20:03:31.0578 2112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:03:31.0718 2112 mnmdd - ok

20:03:31.0750 2112 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

20:03:31.0843 2112 mnmsrvc - ok

20:03:31.0906 2112 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:03:32.0015 2112 Modem - ok

20:03:32.0062 2112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:03:32.0171 2112 Mouclass - ok

20:03:32.0234 2112 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:03:32.0359 2112 mouhid - ok

20:03:32.0406 2112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:03:32.0515 2112 MountMgr - ok

20:03:32.0531 2112 mraid35x - ok

20:03:32.0562 2112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:03:32.0671 2112 MRxDAV - ok

20:03:32.0703 2112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:03:32.0828 2112 MRxSmb - ok

20:03:32.0859 2112 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

20:03:32.0984 2112 MSDTC - ok

20:03:33.0015 2112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:03:33.0125 2112 Msfs - ok

20:03:33.0140 2112 MSIServer - ok

20:03:33.0187 2112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:03:33.0281 2112 MSKSSRV - ok

20:03:33.0328 2112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:03:33.0453 2112 MSPCLOCK - ok

20:03:33.0500 2112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:03:33.0609 2112 MSPQM - ok

20:03:33.0656 2112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:03:33.0765 2112 mssmbios - ok

20:03:33.0812 2112 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:03:33.0937 2112 MSTEE - ok

20:03:33.0968 2112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:03:34.0031 2112 Mup - ok

20:03:34.0078 2112 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:03:34.0203 2112 NABTSFEC - ok

20:03:34.0265 2112 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

20:03:34.0375 2112 napagent - ok

20:03:34.0406 2112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:03:34.0515 2112 NDIS - ok

20:03:34.0562 2112 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

20:03:34.0687 2112 ndiscm - ok

20:03:34.0750 2112 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:03:34.0859 2112 NdisIP - ok

20:03:34.0953 2112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:03:35.0000 2112 NdisTapi - ok

20:03:35.0062 2112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:03:35.0187 2112 Ndisuio - ok

20:03:35.0187 2112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:03:35.0296 2112 NdisWan - ok

20:03:35.0359 2112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:03:35.0437 2112 NDProxy - ok

20:03:35.0484 2112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:03:35.0578 2112 NetBIOS - ok

20:03:35.0609 2112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:03:35.0718 2112 NetBT - ok

20:03:35.0765 2112 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

20:03:35.0859 2112 NetDDE - ok

20:03:35.0875 2112 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

20:03:35.0968 2112 NetDDEdsdm - ok

20:03:36.0000 2112 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:03:36.0109 2112 Netlogon - ok

20:03:36.0156 2112 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

20:03:36.0265 2112 Netman - ok

20:03:37.0109 2112 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:03:37.0125 2112 NetTcpPortSharing - ok

20:03:37.0156 2112 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

20:03:37.0265 2112 NIC1394 - ok

20:03:37.0328 2112 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

20:03:37.0375 2112 Nla - ok

20:03:37.0421 2112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:03:37.0531 2112 Npfs - ok

20:03:37.0578 2112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:03:37.0750 2112 Ntfs - ok

20:03:37.0796 2112 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:03:37.0890 2112 NtLmSsp - ok

20:03:37.0968 2112 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

20:03:38.0093 2112 NtmsSvc - ok

20:03:38.0140 2112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:03:38.0250 2112 Null - ok

20:03:38.0312 2112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:03:38.0437 2112 NwlnkFlt - ok

20:03:38.0468 2112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:03:38.0593 2112 NwlnkFwd - ok

20:03:38.0625 2112 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

20:03:38.0734 2112 NwlnkIpx - ok

20:03:38.0750 2112 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

20:03:38.0859 2112 NwlnkNb - ok

20:03:38.0890 2112 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

20:03:39.0000 2112 NwlnkSpx - ok

20:03:39.0062 2112 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll

20:03:39.0187 2112 NwSapAgent - ok

20:03:39.0234 2112 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

20:03:39.0343 2112 ohci1394 - ok

20:03:39.0453 2112 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:03:39.0453 2112 ose - ok

20:03:39.0484 2112 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

20:03:39.0593 2112 Parport - ok

20:03:39.0609 2112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:03:39.0718 2112 PartMgr - ok

20:03:39.0781 2112 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:03:39.0875 2112 ParVdm - ok

20:03:39.0937 2112 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:03:40.0031 2112 PCI - ok

20:03:40.0046 2112 PCIDump - ok

20:03:40.0078 2112 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:03:40.0218 2112 PCIIde - ok

20:03:40.0250 2112 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

20:03:40.0359 2112 Pcmcia - ok

20:03:40.0359 2112 PDCOMP - ok

20:03:40.0375 2112 PDFRAME - ok

20:03:40.0390 2112 PDRELI - ok

20:03:40.0406 2112 PDRFRAME - ok

20:03:40.0421 2112 perc2 - ok

20:03:40.0437 2112 perc2hib - ok

20:03:40.0515 2112 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

20:03:40.0562 2112 PlugPlay - ok

20:03:40.0578 2112 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:03:40.0687 2112 PolicyAgent - ok

20:03:40.0718 2112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:03:40.0828 2112 PptpMiniport - ok

20:03:40.0843 2112 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:03:40.0937 2112 ProtectedStorage - ok

20:03:40.0953 2112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:03:41.0093 2112 PSched - ok

20:03:41.0140 2112 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:03:41.0265 2112 Ptilink - ok

20:03:41.0265 2112 ql1080 - ok

20:03:41.0281 2112 Ql10wnt - ok

20:03:41.0296 2112 ql12160 - ok

20:03:41.0312 2112 ql1240 - ok

20:03:41.0328 2112 ql1280 - ok

20:03:41.0359 2112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:03:41.0468 2112 RasAcd - ok

20:03:41.0515 2112 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

20:03:41.0609 2112 RasAuto - ok

20:03:41.0640 2112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:03:41.0734 2112 Rasl2tp - ok

20:03:41.0781 2112 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

20:03:41.0890 2112 RasMan - ok

20:03:41.0906 2112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:03:42.0031 2112 RasPppoe - ok

20:03:42.0046 2112 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:03:42.0171 2112 Raspti - ok

20:03:42.0203 2112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:03:42.0296 2112 Rdbss - ok

20:03:42.0312 2112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:03:42.0421 2112 RDPCDD - ok

20:03:42.0500 2112 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

20:03:42.0546 2112 RDPWD - ok

20:03:42.0593 2112 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

20:03:42.0703 2112 RDSessMgr - ok

20:03:42.0734 2112 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:03:42.0828 2112 redbook - ok

20:03:42.0968 2112 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

20:03:43.0000 2112 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

20:03:43.0000 2112 RegSrvc - detected UnsignedFile.Multi.Generic (1)

20:03:43.0046 2112 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

20:03:43.0171 2112 RemoteAccess - ok

20:03:43.0234 2112 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

20:03:43.0296 2112 rimmptsk - ok

20:03:43.0312 2112 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

20:03:43.0375 2112 rimsptsk - ok

20:03:43.0406 2112 RimUsb - ok

20:03:43.0468 2112 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

20:03:43.0562 2112 RimVSerPort - ok

20:03:43.0593 2112 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

20:03:43.0609 2112 rismxdp - ok

20:03:43.0656 2112 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

20:03:43.0781 2112 ROOTMODEM - ok

20:03:43.0828 2112 RoxLiveShare9 - ok

20:03:43.0875 2112 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

20:03:44.0000 2112 RpcLocator - ok

20:03:44.0062 2112 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

20:03:44.0125 2112 RpcSs - ok

20:03:44.0203 2112 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

20:03:44.0312 2112 RSVP - ok

20:03:44.0421 2112 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

20:03:44.0515 2112 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning

20:03:44.0515 2112 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)

20:03:44.0546 2112 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys

20:03:44.0546 2112 s24trans ( UnsignedFile.Multi.Generic ) - warning

20:03:44.0546 2112 s24trans - detected UnsignedFile.Multi.Generic (1)

20:03:44.0593 2112 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:03:44.0687 2112 SamSs - ok

20:03:44.0734 2112 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

20:03:44.0859 2112 SCardSvr - ok

20:03:44.0921 2112 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

20:03:45.0031 2112 Schedule - ok

20:03:45.0062 2112 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

20:03:45.0156 2112 sdbus - ok

20:03:45.0203 2112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:03:45.0328 2112 Secdrv - ok

20:03:45.0359 2112 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

20:03:45.0468 2112 seclogon - ok

20:03:45.0500 2112 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

20:03:45.0593 2112 SENS - ok

20:03:45.0625 2112 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

20:03:45.0734 2112 Serial - ok

20:03:45.0781 2112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:03:45.0890 2112 Sfloppy - ok

20:03:45.0953 2112 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

20:03:46.0062 2112 SharedAccess - ok

20:03:46.0109 2112 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:03:46.0109 2112 ShellHWDetection - ok

20:03:46.0125 2112 Simbad - ok

20:03:46.0171 2112 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:03:46.0296 2112 SLIP - ok

20:03:46.0359 2112 SMNDIS5 - ok

20:03:46.0375 2112 Sparrow - ok

20:03:46.0390 2112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:03:46.0500 2112 splitter - ok

20:03:46.0546 2112 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

20:03:46.0625 2112 Spooler - ok

20:03:46.0656 2112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:03:46.0765 2112 sr - ok

20:03:46.0812 2112 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

20:03:46.0906 2112 srservice - ok

20:03:46.0968 2112 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:03:47.0046 2112 Srv - ok

20:03:47.0093 2112 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

20:03:47.0203 2112 SSDPSRV - ok

20:03:47.0296 2112 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

20:03:47.0437 2112 STHDA - ok

20:03:47.0484 2112 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

20:03:47.0609 2112 stisvc - ok

20:03:47.0671 2112 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:03:47.0765 2112 streamip - ok

20:03:47.0796 2112 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:03:47.0906 2112 swenum - ok

20:03:47.0953 2112 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:03:48.0062 2112 swmidi - ok

20:03:48.0078 2112 SwPrv - ok

20:03:48.0093 2112 symc810 - ok

20:03:48.0109 2112 symc8xx - ok

20:03:48.0125 2112 sym_hi - ok

20:03:48.0140 2112 sym_u3 - ok

20:03:48.0187 2112 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:03:48.0296 2112 sysaudio - ok

20:03:48.0390 2112 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

20:03:48.0500 2112 SysmonLog - ok

20:03:48.0546 2112 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

20:03:48.0656 2112 TapiSrv - ok

20:03:48.0703 2112 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:03:48.0750 2112 Tcpip - ok

20:03:48.0843 2112 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:03:48.0953 2112 TDPIPE - ok

20:03:48.0984 2112 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:03:49.0093 2112 TDTCP - ok

20:03:49.0140 2112 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:03:49.0234 2112 TermDD - ok

20:03:49.0281 2112 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

20:03:49.0375 2112 TermService - ok

20:03:49.0437 2112 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:03:49.0453 2112 Themes - ok

20:03:49.0453 2112 TosIde - ok

20:03:49.0484 2112 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

20:03:49.0593 2112 TrkWks - ok

20:03:49.0625 2112 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:03:49.0734 2112 Udfs - ok

20:03:49.0750 2112 ultra - ok

20:03:49.0781 2112 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe

20:03:49.0828 2112 UMWdf - ok

20:03:49.0906 2112 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:03:50.0031 2112 Update - ok

20:03:50.0078 2112 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

20:03:50.0187 2112 upnphost - ok

20:03:50.0218 2112 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

20:03:50.0312 2112 UPS - ok

20:03:50.0390 2112 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

20:03:50.0406 2112 USBAAPL - ok

20:03:50.0453 2112 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

20:03:50.0578 2112 usbaudio - ok

20:03:50.0625 2112 usbbus (af9388e736af0c325067f05edc350010) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

20:03:50.0734 2112 usbbus - ok

20:03:50.0765 2112 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:03:50.0875 2112 usbccgp - ok

20:03:50.0906 2112 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

20:03:50.0937 2112 UsbDiag - ok

20:03:50.0984 2112 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:03:51.0109 2112 usbehci - ok

20:03:51.0156 2112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:03:51.0265 2112 usbhub - ok

20:03:51.0296 2112 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

20:03:51.0296 2112 USBModem - ok

20:03:51.0343 2112 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:03:51.0468 2112 usbprint - ok

20:03:51.0484 2112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:03:51.0593 2112 usbscan - ok

20:03:51.0656 2112 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:03:51.0765 2112 USBSTOR - ok

20:03:51.0796 2112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:03:51.0890 2112 usbuhci - ok

20:03:51.0953 2112 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

20:03:52.0062 2112 usbvideo - ok

20:03:52.0093 2112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:03:52.0203 2112 VgaSave - ok

20:03:52.0218 2112 ViaIde - ok

20:03:52.0265 2112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:03:52.0359 2112 VolSnap - ok

20:03:52.0421 2112 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

20:03:52.0546 2112 VSS - ok

20:03:52.0578 2112 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

20:03:52.0703 2112 W32Time - ok

20:03:52.0734 2112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:03:52.0828 2112 Wanarp - ok

20:03:52.0843 2112 WDICA - ok

20:03:52.0890 2112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:03:52.0984 2112 wdmaud - ok

20:03:53.0031 2112 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

20:03:53.0156 2112 WebClient - ok

20:03:53.0265 2112 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

20:03:53.0375 2112 winmgmt - ok

20:03:53.0546 2112 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

20:03:53.0562 2112 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning

20:03:53.0562 2112 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)

20:03:53.0578 2112 wltrysvc - ok

20:03:53.0640 2112 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll

20:03:53.0671 2112 WmdmPmSN - ok

20:03:53.0734 2112 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

20:03:53.0828 2112 WmiAcpi - ok

20:03:53.0906 2112 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:03:54.0015 2112 WmiApSrv - ok

20:03:54.0046 2112 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

20:03:54.0078 2112 WpdUsb - ok

20:03:54.0140 2112 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

20:03:54.0265 2112 WS2IFSL - ok

20:03:54.0312 2112 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

20:03:54.0453 2112 wscsvc - ok

20:03:54.0515 2112 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:03:54.0593 2112 WSTCODEC - ok

20:03:54.0656 2112 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

20:03:54.0750 2112 wuauserv - ok

20:03:54.0812 2112 WudfPf (729f76cd53af1685ca4c4c058519c58c) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:03:54.0859 2112 WudfPf - ok

20:03:54.0921 2112 WudfRd (a2aafcc8a204736296d937c7c545b53f) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:03:54.0953 2112 WudfRd - ok

20:03:55.0000 2112 WudfSvc (db5bf5aab72b1b99b5331231d09ebb26) C:\WINDOWS\System32\WUDFSvc.dll

20:03:55.0031 2112 WudfSvc - ok

20:03:55.0093 2112 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

20:03:55.0218 2112 WZCSVC - ok

20:03:55.0375 2112 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

20:03:55.0500 2112 xmlprov - ok

20:03:55.0531 2112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

20:03:55.0859 2112 \Device\Harddisk0\DR0 - ok

20:03:55.0875 2112 Boot (0x1200) (766637c154896451eaace5df5584fefe) \Device\Harddisk0\DR0\Partition0

20:03:55.0875 2112 \Device\Harddisk0\DR0\Partition0 - ok

20:03:55.0875 2112 ============================================================

20:03:55.0875 2112 Scan finished

20:03:55.0875 2112 ============================================================

20:03:55.0984 3988 Detected object count: 9

20:03:55.0984 3988 Actual detected object count: 9

20:06:37.0265 3988 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0265 3988 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:06:37.0265 3988 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0265 3988 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:06:37.0265 3988 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0265 3988 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:06:37.0265 3988 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0265 3988 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:06:37.0265 3988 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0265 3988 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:06:37.0265 3988 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0265 3988 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:06:37.0281 3988 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0281 3988 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:06:37.0281 3988 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0281 3988 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:06:37.0281 3988 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user

20:06:37.0281 3988 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:08:28.0156 2148 Deinitialize success

MrCharlie · April 23, 2012

Last one......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

jeanbean · April 23, 2012

Ok. I will paste the log below. Unfortunately, I accidentally downloaded something called "download manager" and "PC Speed Maximizer". Were they supposed to install with the combofix?

Here is the log...

ComboFix 12-04-22.02 - Tasha Jacobs 04/22/2012 20:55:07.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.131 [GMT -4:00]

Running from: c:\documents and settings\Tasha Jacobs\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\TEMP

c:\program files\Internet Explorer\SETBB.tmp

c:\program files\Internet Explorer\SETBC.tmp

c:\program files\Internet Explorer\SETBE.tmp

c:\program files\Luxor 2

c:\program files\Luxor 2\3rdparty.gvf

c:\program files\Luxor 2\activation_info.xml

c:\program files\Luxor 2\assets\splashscreen.jpg

c:\program files\Luxor 2\bfgstate.xml

c:\program files\Luxor 2\data.mjz

c:\program files\Luxor 2\DSETUP.dll

c:\program files\Luxor 2\engine.dll

c:\program files\Luxor 2\file.dll

c:\program files\Luxor 2\fmodex.dll

c:\program files\Luxor 2\gfx.dll

c:\program files\Luxor 2\gfx_dd7.dll

c:\program files\Luxor 2\gfx_dx8.dll

c:\program files\Luxor 2\img_jpg.dll

c:\program files\Luxor 2\img_png.dll

c:\program files\Luxor 2\img_tga.dll

c:\program files\Luxor 2\LaunchGame.bfg

c:\program files\Luxor 2\locale\english.mjz

c:\program files\Luxor 2\logger.dll

c:\program files\Luxor 2\Luxor 2.exe

c:\program files\Luxor 2\pics\175x150.swf

c:\program files\Luxor 2\pics\60x40.jpg

c:\program files\Luxor 2\pics\80x80.jpg

c:\program files\Luxor 2\pics\feature.jpg

c:\program files\Luxor 2\platform.dll

c:\program files\Luxor 2\Read_Me.html

c:\program files\Luxor 2\snd3d.dll

c:\program files\Luxor 2\snd3d_fmod.dll

c:\program files\Luxor 2\thread.dll

c:\program files\Luxor 2\Uninstall.exe

c:\program files\Luxor 2\UnlockGame.bfg

c:\program files\Luxor 2\wxrgvcj.exe

C:\Setup.exe

c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1500 .MRK

c:\windows\system32\drivers\DELL_XPS_Vostro 1500 .MRK

c:\windows\system32\SETC8.tmp

c:\windows\system32\SETC9.tmp

c:\windows\system32\SETCB.tmp

c:\windows\system32\SETCC.tmp

c:\windows\system32\SETCD.tmp

c:\windows\system32\SETCE.tmp

c:\windows\system32\SETCF.tmp

c:\windows\system32\SETD1.tmp

c:\windows\system32\SETD3.tmp

c:\windows\system32\SETD4.tmp

c:\windows\system32\SETD5.tmp

c:\windows\system32\SETD8.tmp

c:\windows\system32\SETD9.tmp

c:\windows\system32\SETDC.tmp

c:\windows\system32\SETDD.tmp

c:\windows\system32\SETDF.tmp

c:\windows\system32\SETE2.tmp

c:\windows\system32\SETE3.tmp

c:\windows\system32\SETE4.tmp

c:\windows\system32\SETE5.tmp

c:\windows\system32\SETE6.tmp

c:\windows\system32\SETE7.tmp

c:\windows\system32\SETEB.tmp

c:\windows\system32\SETEC.tmp

c:\windows\system32\SETED.tmp

c:\windows\system32\SETEE.tmp

c:\windows\system32\SETEF.tmp

c:\windows\system32\SETF0.tmp

c:\windows\system32\SETF1.tmp

c:\windows\system32\SETF2.tmp

c:\windows\system32\SETF3.tmp

c:\windows\system32\SETF4.tmp

c:\windows\system32\SETF5.tmp

c:\windows\system32\SETF7.tmp

c:\windows\system32\SETF8.tmp

c:\windows\system32\SETF9.tmp

c:\windows\system32\SETFA.tmp

.

((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))

.

2012-04-23 01:00 . 2012-04-23 01:00 -------- d-----w- c:\documents and settings\Tasha Jacobs\Application Data\PC Speed Maximizer

2012-04-23 00:40 . 2012-04-23 01:04 -------- d-----w- c:\documents and settings\Tasha Jacobs\Application Data\Free Download Manager

2012-04-23 00:40 . 2012-04-23 00:40 -------- d-----w- c:\program files\PC Speed Maximizer

2012-04-23 00:40 . 2012-04-23 00:40 -------- d-----w- c:\program files\Free Download Manager

2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\Tasha Jacobs\Local Settings\Application Data\I Want This

2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\program files\I Want This

2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\Tasha Jacobs\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn

2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor

2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars

2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\documents and settings\Tasha Jacobs\Application Data\blekkotb_soc

2012-04-23 00:39 . 2012-04-23 00:39 -------- d-----w- c:\program files\blekkotb_soc

2012-04-23 00:35 . 2012-04-23 00:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-22 20:30 . 2012-04-22 20:30 32072 ----a-w- c:\windows\system32\drivers\48230029.sys

2012-04-22 12:30 . 2012-04-22 12:30 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-22 11:40 . 2012-04-22 11:41 -------- d-----w- c:\documents and settings\Administrator

2012-04-22 10:58 . 2012-04-22 12:46 515330 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-04-20 21:50 . 2012-04-20 21:50 -------- d-----w- c:\documents and settings\Tasha Jacobs\Application Data\StreamTorrent

2012-04-20 21:50 . 2012-04-20 21:50 -------- d-----w- c:\program files\StreamTorrent 1.0

2012-04-05 18:01 . 2012-04-05 18:01 -------- d-----w- c:\program files\v-Grabber

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2011-07-22 11:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 10:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:22 . 2004-08-04 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-03-17 12:13 . 2011-10-15 11:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]

2012-03-14 19:42 85288 ----a-w- c:\program files\blekkotb_soc\blekkotb_019X.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}"= "c:\program files\blekkotb_soc\blekkotb_019X.dll" [2012-03-14 85288]

.

[HKEY_CLASSES_ROOT\clsid\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-9-19 541976]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/22/2011 7:34 AM 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/22/2011 7:34 AM 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/22/2012 8:35 PM 40776]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/22/2012 8:30 AM 32072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 48758298

*NewlyCreated* - 70615840

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - 48758298

*Deregistered* - 70615840

*Deregistered* - TrueSight

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]

.

2012-04-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-19 16:19]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=2012042352734C56A70B50A707AFC5BE&tbp=homepage

uInternet Settings,ProxyServer = www.msn.com:80

uInternet Settings,ProxyOverride = <local>;*.local

IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - My Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg&ind=2011080615&ptnrS=RGxdm186YYUS&si=&n=77dea7a7&psa=&st=kwd&searchfor=

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-PC Speed Maximizer - c:\program files\PC Speed Maximizer\SPMStarter.exe

HKCU-Run-SPMTray - c:\program files\PC Speed Maximizer\SPMTray.exe

AddRemove-BFG-Luxor 2 - c:\program files\Luxor 2\Uninstall.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-22 21:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(680)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2012-04-22 21:10:36

ComboFix-quarantined-files.txt 2012-04-23 01:10

.

Pre-Run: 44,077,273,088 bytes free

Post-Run: 45,798,854,656 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8C096B8ECFD99186F8948CFA0C2E179D

MrCharlie · April 23, 2012

BTW: The TDSSKiller scan was clean...just some unsigned files.

-------------------------------------------

c:\program files\Luxor 2<---what was this program and did you install it?

Ok. I will paste the log below. Unfortunately, I accidentally downloaded something called "download manager" and "PC Speed Maximizer". Were they supposed to install with the combofix?

How did you do that?

See if you can uninstall from control panels add/remove programs:

PC Speed Maximizer

Free Download Manager

I Want This <-----what is this, was downloaded and installed at same time as the other two

These too! all new!!

c:\documents and settings\Tasha Jacobs\Application Data\PC Speed Maximizer
c:\documents and settings\Tasha Jacobs\Application Data\Free Download Manager
c:\program files\PC Speed Maximizer
c:\program files\Free Download Manager
c:\documents and settings\Tasha Jacobs\Local Settings\Application Data\I Want This
c:\program files\I Want This
c:\documents and settings\Tasha Jacobs\Local Settings\Application Data\antiphishing-vmninternethelper1_1dn
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
c:\documents and settings\All Users\Application Data\blekko toolbars
c:\documents and settings\Tasha Jacobs\Application Data\blekkotb_soc
c:\program files\blekkotb_soc

-------------------------------------

StreamTorrent<---using P2P programs like this is one reason you got infected and will continue to!

Let me know what you want to do with them, I suggest we uninstall or delete them all.

MrC

jeanbean · April 23, 2012

Why did they download? Don't know. I clicked on ComboFix, was redirected to the download page and after the wizard finished the download manager program opened. ??? I hit the back button on my browser to confirm that the download was for combofix and that is what the page said. I clicked a second time and then the correct program downloaded.

I have uninstalled and deleted them. The stream torrent program was from my hubby, who streams hockey games. The luxor program is a game, not sure why it's on there, we don't use this computer for anything other than email, pandora and the occasional hockey game.

Thank you again for all of your help!!!!!

Jeannine

jeanbean · April 23, 2012

Ugh.... not sure if this is related, but now my speakers don't work. It says the driver is not installed and when I use the wizard to find one, it says error code 10.

MrCharlie · April 23, 2012

ComboFix creates a restore point just before it runs, please use it to restore things.

We'll manually delete some of those bad files.

MrC

jeanbean · April 23, 2012

Ok, that worked. I didn't see any of the "bad" files go back on, just the Torrent program, which I uninstalled again. Speakers are working.

You have been such a great help!!! Only other question is that I found two "shortcuts" to the program smart HDD. One was in the start menu, under programs. Deleted it. The other was a quick start icon on my tool bar, deleted it too. They did not return after I rebooted. Is there anything else I should do?

Jeannine

MrCharlie · April 23, 2012

Yes........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

jeanbean · April 23, 2012

otl file...

OTL logfile created on: 4/23/2012 8:03:23 AM - Run 1

OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Tasha Jacobs\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 106.23 Mb Available Physical Memory | 10.48% Memory free

2.38 Gb Paging File | 1.65 Gb Available in Paging File | 69.22% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.48 Gb Total Space | 42.45 Gb Free Space | 59.39% Space Free | Partition Type: NTFS

Computer Name: SCHOOL-929EE6B6 | User Name: Tasha Jacobs | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 08:01:58 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tasha Jacobs\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/17 08:13:32 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/05/10 14:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

PRC - [2007/02/21 15:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007/02/21 15:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2007/02/21 15:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/17 08:13:31 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/12/02 12:57:07 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/11/05 09:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll

MOD - [2008/10/24 22:00:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll

MOD - [2008/10/24 22:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll

MOD - [2007/02/21 15:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2007/02/21 15:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TASHAJ~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/04/22 20:35:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/04/22 08:30:50 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2008/10/24 22:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2007/05/10 14:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/02/21 15:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006/11/15 04:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/14 23:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/14 21:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2004/09/29 16:36:29 | 000,015,360 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)

DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=2012042352734C56A70B50A707AFC5BE&tbp=homepage

IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/TOOLBARNAMESPACE/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=2012042352734C56A70B50A707AFC5BE&q={searchTerms}

IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-1060284298-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www.msn.com:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"

FF - prefs.js..browser.search.selectedEngine: "Blekko"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153

FF - prefs.js..extensions.enabledItems: GameTapPlayer@gametap.com:4.4.0.8

FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg&ind=2011080615&ptnrS=RGxdm186YYUS&si=&n=77dea7a7&psa=&st=kwd&searchfor="

FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tasha Jacobs\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Tasha Jacobs\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tasha Jacobs\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Tasha Jacobs\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/22 18:18:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/22 18:18:06 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Tasha Jacobs\Application Data\Move Networks [2009/10/02 18:41:45 | 000,000,000 | ---D | M]

[2009/01/08 23:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Extensions

[2012/04/23 07:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions

[2012/02/03 11:22:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/03/22 13:06:03 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2009/04/08 23:02:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}(2)

[2009/04/08 23:00:20 | 000,000,000 | ---D | M] ("Upromise TurboSaver") -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\FFToolbar@upromise(2)

[2011/08/06 15:51:14 | 000,000,000 | ---D | M] (GameTap) -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\extensions\GameTapPlayer@gametap.com

[2009/04/09 19:55:00 | 000,002,434 | ---- | M] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Mozilla\Firefox\Profiles\8rbfrwzu.default\searchplugins\google-scholar.xml

[2012/04/23 07:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/10/02 18:41:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\TASHA JACOBS\APPLICATION DATA\MOVE NETWORKS

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TASHA JACOBS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8RBFRWZU.DEFAULT\EXTENSIONS\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE}

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TASHA JACOBS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8RBFRWZU.DEFAULT\EXTENSIONS\CROSSRIDERAPP2258@CROSSRIDER.COM

[2012/03/17 08:13:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/04/22 20:39:30 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

[2011/11/10 18:40:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/22 21:06:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1060284298-796845957-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCA1C17E-D9C5-41BC-AA1A-26B4C59602F6}: DhcpNameServer = 24.89.0.22 24.89.0.21

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CA31D2-61BB-4F45-8967-BFF155A0C9FD}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Tasha Jacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tasha Jacobs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/01/07 23:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 08:02:03 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tasha Jacobs\Desktop\OTL.exe

[2012/04/23 07:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel

[2012/04/23 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Start Menu\Programs\vGrabber

[2012/04/23 07:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber

[2012/04/23 07:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/04/23 07:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Desktop\Unused Desktop Shortcuts

[2012/04/23 07:18:13 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/04/23 07:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2012/04/23 06:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Desktop\Anti-Virus Programs

[2012/04/23 06:00:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/04/22 21:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Application Data\InstallShield

[2012/04/22 21:10:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/04/22 20:52:54 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/04/22 20:43:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/04/22 20:43:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/04/22 20:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/04/22 20:43:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/04/22 20:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/04/22 20:43:12 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/22 20:42:42 | 004,472,002 | R--- | C] (Swearware) -- C:\Documents and Settings\Tasha Jacobs\Desktop\ComboFix.exe

[2012/04/22 20:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager

[2012/04/22 20:37:22 | 000,340,296 | ---- | C] (AirInstaller Inc.) -- C:\Documents and Settings\Tasha Jacobs\Desktop\setup.exe

[2012/04/22 20:35:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/04/22 20:01:57 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tasha Jacobs\Desktop\tdsskiller.exe

[2012/04/22 17:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/22 16:51:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tasha Jacobs\Recent

[2012/04/22 08:49:06 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Tasha Jacobs\Desktop\unhide.exe

[2012/04/22 07:32:35 | 010,062,736 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tasha Jacobs\Desktop\mbam-consumer.exe

[2012/04/20 17:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tasha Jacobs\Application Data\StreamTorrent

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/23 08:01:58 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tasha Jacobs\Desktop\OTL.exe

[2012/04/23 07:25:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/23 07:10:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/22 21:06:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/04/22 20:53:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/04/22 20:42:45 | 004,472,002 | R--- | M] (Swearware) -- C:\Documents and Settings\Tasha Jacobs\Desktop\ComboFix.exe

[2012/04/22 20:37:18 | 000,340,296 | ---- | M] (AirInstaller Inc.) -- C:\Documents and Settings\Tasha Jacobs\Desktop\setup.exe

[2012/04/22 20:35:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/04/22 20:02:28 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tasha Jacobs\Desktop\tdsskiller.exe

[2012/04/22 18:45:20 | 001,280,512 | ---- | M] () -- C:\Documents and Settings\Tasha Jacobs\Desktop\RogueKiller.exe

[2012/04/22 18:29:08 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/04/22 18:26:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/04/22 18:03:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/22 16:52:55 | 000,002,427 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini

[2012/04/22 16:50:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/04/22 16:30:59 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\48230029.sys

[2012/04/22 12:44:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\mbam.context.scan

[2012/04/22 11:38:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012/04/22 08:30:50 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/04/22 08:02:32 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Tasha Jacobs\Desktop\unhide.exe

[2012/04/22 07:32:49 | 010,062,736 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tasha Jacobs\Desktop\mbam-consumer.exe

[2012/04/21 17:50:23 | 000,436,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/04/21 17:50:23 | 000,069,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/04/16 14:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/04/12 17:04:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/04/05 14:01:37 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\Tasha Jacobs\Desktop\vGrabber.lnk

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 21:01:58 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2012/04/22 20:53:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/04/22 20:52:56 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/04/22 20:43:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/04/22 20:43:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/04/22 20:43:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/04/22 20:43:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/04/22 20:43:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/04/22 18:45:22 | 001,280,512 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Desktop\RogueKiller.exe

[2012/04/22 18:26:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012/04/22 18:26:16 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/04/22 18:03:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/22 16:30:59 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\48230029.sys

[2012/04/22 12:44:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\mbam.context.scan

[2012/04/22 08:30:50 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/04/22 08:28:51 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012/04/22 08:28:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/04/22 08:28:51 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2012/04/22 08:28:51 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2012/04/22 08:28:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/04/22 08:28:51 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

[2012/04/22 08:28:51 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2012/04/22 08:28:50 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[2012/04/22 08:28:50 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk

[2012/04/22 08:28:47 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2012/04/22 08:28:47 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk

[2012/04/05 14:01:36 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Desktop\vGrabber.lnk

[2012/02/16 14:00:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/06/08 23:55:30 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini

[2010/12/23 13:34:32 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tasha Jacobs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/17 12:12:24 | 000,067,328 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/03 15:36:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== LOP Check ==========

[2012/04/23 07:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games

[2009/03/24 13:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2011/06/23 10:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO

[2009/01/12 01:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2012/04/23 07:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX

[2010/03/19 07:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2011/08/07 19:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2009/02/17 20:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/09/19 21:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA

[2010/03/25 06:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2010/10/28 14:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/26 19:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/01/11 21:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

[2009/04/08 22:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\DMCache

[2009/02/23 13:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\DriverCure

[2010/04/18 13:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\Facebook

[2009/04/17 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\GetRightToGo

[2012/04/22 21:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\go

[2009/04/08 23:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\IDM

[2009/01/11 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\iolo

[2009/02/17 18:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\SecondLife

[2009/09/25 20:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\Smith Micro

[2012/04/20 17:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\StreamTorrent

[2009/02/14 22:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\Template

[2010/02/26 22:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\Uniblue

[2009/04/08 23:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tasha Jacobs\Application Data\uTorrent

========== Purity Check ==========

< End of report >

Extras File...

OTL Extras logfile created on: 4/23/2012 8:03:23 AM - Run 1

OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Tasha Jacobs\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 106.23 Mb Available Physical Memory | 10.48% Memory free

2.38 Gb Paging File | 1.65 Gb Available in Paging File | 69.22% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.48 Gb Total Space | 42.45 Gb Free Space | 59.39% Space Free | Partition Type: NTFS

Computer Name: SCHOOL-929EE6B6 | User Name: Tasha Jacobs | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{966A491F-8970-44E0-AC4E-9C845D9013EC}" = Microsoft DirectX 9.0 SDK Update (August 2005)

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5

"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Aloha TriPeaks" = Aloha TriPeaks

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility

"CutePDF Writer Installation" = CutePDF Writer 2.8

"Google Updater" = Google Updater

"HDMI" = Intel® Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"LimeWire" = LimeWire 5.2.13

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"MSNINST" = MSN

"NVIDIA Drivers" = NVIDIA Drivers

"ProInst" = Intel® PROSet/Wireless Software

"vGrabber" = vGrabber

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"winusb0100" = Microsoft WinUsb 1.0

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

MrCharlie · April 23, 2012

I don't see any anti-virus on the system??

You can always install Microsoft Security Essentials:

http://windows.micro...rity-essentials

--------------------

Did you run unhide.exe and are all your folders and shortcuts visible?

----------------------

There's one suspicious file showing:

C:\WINDOWS\System32\drivers\48230029.sys

Can you locate it and then upload it to VirusTotal for a free scan.

Let me know the results > just copy back the url

You may have to enable hidden files to see it:

http://www.howtogeek...-folders-in-xp/

http://www.virustotal.com/

Let me know, MrC

jeanbean · April 23, 2012

Yes, I did the unhide program and I can see all my files.

Here is the result of the scan... https://www.virustotal.com/file/461bc4f8e0696fab82f742e364acc0050a63a27e7987687355fe74288741b940/analysis/1335192090/

I only have Malwatebytes pro installed on this computer. I will also install the security essentials.

MrCharlie · April 23, 2012

OK, you're all set to go

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

LDTate · April 24, 2012

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

smart HDD virus infection, malwarebytes PRO not removing it

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information