Everything posted by _dan_

  1. Thanks a lot for your help... I'm considering getting the Malwarebytes Pro now... so that kind of thing doesn't happen again... such a pain to remove it.
  2. Seems to be running OK... Adobe ARM is part of Adobe Reader, right? So just re-download that and install?
  3. ComboFix 11-01-28.01 - Muntgamry 01/28/2011 20:16:02.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.885 [GMT -6:00] Running from: c:\users\Muntgamry\Desktop\ComboFix.exe Command switches used :: c:\users\Muntgamry\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 ))))))))))))))))))))))))))))))) . 2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\Mom\AppData\Local\temp 2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\Faith\AppData\Local\temp 2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\Dani\AppData\Local\temp 2011-01-25 08:30 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48140ADE-B161-4793-AC7E-8564B3B03F71}\mpengine.dll 2011-01-24 17:44 . 2011-01-24 17:44 -------- d-----w- c:\users\Muntgamry\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE} 2011-01-24 17:34 . 2011-01-24 17:34 -------- d-----w- c:\users\Muntgamry\AppData\Local\Mozilla 2011-01-19 02:16 . 2010-09-24 20:56 303824 ----a-w- c:\windows\system32\ICF.dll 2011-01-19 02:16 . 2010-09-24 20:56 281304 ----a-w- c:\windows\sediag.exe 2011-01-19 02:16 . 2010-09-24 20:56 189952 ----a-w- c:\windows\SERecat.exe 2011-01-19 02:16 . 2010-09-24 20:56 320216 ----a-w- c:\windows\system32\seinst.dll 2011-01-19 02:16 . 2011-01-19 02:59 -------- d-----w- c:\program files\Internet Content Filter 2011-01-18 23:55 . 2011-01-18 23:55 -------- d-----w- c:\users\Muntgamry\AppData\Local\ESET 2011-01-18 23:53 . 
2011-01-18 23:53 -------- d-----w- c:\program files\ESET 2011-01-18 16:22 . 2011-01-18 16:22 -------- d-----w- c:\program files\CCleaner 2011-01-04 01:46 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-04 01:46 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-26 09:58 . 2010-12-26 09:58 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin 2010-12-15 16:12 . 2010-05-16 02:44 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2010-12-15 16:12 . 2010-05-16 02:44 29568 ----a-w- c:\windows\system32\LMIport.dll 2010-12-15 16:12 . 2010-05-16 02:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-12-15 16:12 . 2010-05-16 02:44 87424 ----a-w- c:\windows\system32\LMIinit.dll 2010-11-06 07:19 . 2010-11-06 07:19 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-11-06 07:19 . 2010-11-06 07:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2010-11-06 07:19 . 2010-11-06 07:19 1060864 ----a-w- c:\windows\system32\mfc71.dll 2010-11-04 05:52 . 2010-12-15 19:08 978944 ----a-w- c:\windows\system32\wininet.dll 2010-11-04 05:48 . 2010-12-15 19:08 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-04 04:41 . 2010-12-15 19:08 386048 ----a-w- c:\windows\system32\html.iec 2010-11-04 04:08 . 2010-12-15 19:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-11-02 04:41 . 2010-12-15 19:08 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-02 04:40 . 2010-12-15 19:08 496128 ----a-w- c:\windows\system32\taskschd.dll 2010-11-02 04:40 . 2010-12-15 19:08 305152 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-02 04:39 . 2010-12-15 19:08 749056 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-02 04:34 . 2010-12-15 19:08 192000 ----a-w- c:\windows\system32\taskeng.exe 2010-11-02 04:34 . 
2010-12-15 19:08 179712 ----a-w- c:\windows\system32\schtasks.exe . <pre> c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-19 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X] "CtaMon"="CtaMon.dll" [N/A] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184] "ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DRSpawner.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DRSpawner.lnk backup=c:\windows\pss\DRSpawner.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Security Scan.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk backup=c:\windows\pss\Kaspersky Security Scan.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 
----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JumiController] 2010-12-15 21:25 2266624 ----a-w- c:\program files\Jumi\jumi.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-11-19 23:11 1242448 ----a-w- c:\program files\Steam\Steam.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-08-14 17408] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-03 1343400] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-15 374152] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856] S2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2010-09-24 233472] S2 sftlist;Application Virtualization Client;c:\program 
files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688] S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768] . Contents of the 'Scheduled Tasks' folder 2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1001Core.job - c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 03:33] 2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1001UA.job - c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 03:33] 2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1006Core.job - c:\users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-11 21:23] 2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1006UA.job - c:\users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-11 21:23] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daemon-search.com/startpage uInternet Settings,ProxyOverride = *.local LSP: c:\windows\System32\icf.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\Muntgamry\AppData\Roaming\Mozilla\Firefox\Profiles\351roii5.default\ FF - prefs.js: browser.startup.homepage - google.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f0,d2,3a,ff,cf,4b,4d,b0,ec,3a,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f0,d2,3a,ff,cf,4b,4d,b0,ec,3a,\ [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\windows\system32\taskhost.exe c:\windows\system32\sppsvc.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2011-01-28 20:28:55 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-29 02:28 ComboFix2.txt 2011-01-29 01:58 Pre-Run: 136,139,165,696 bytes free Post-Run: 135,829,716,992 bytes free - - End Of File - - 7AC93649DF1E487484686E9FA5F8AB47
  4. ComboFix 11-01-28.01 - Muntgamry 01/28/2011 19:33:54.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1137 [GMT -6:00] Running from: c:\users\Muntgamry\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\AntiMalware Pro c:\program files\AntiMalware Pro\E_PMA.dll c:\program files\AntiMalware Pro\unins000.exe c:\program files\Search Toolbar c:\program files\whitesmoketoolbar
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png 
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Info.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png c:\program 
files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\initHTML.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupGames.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupHTML.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupRSS.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupWidgets.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css c:\program 
files\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png c:\program 
files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif c:\program 
files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.html c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml c:\program 
files\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\program 
files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png c:\program 
files\whitesmoketoolbar\chrome\skin\logo.png c:\program files\whitesmoketoolbar\chrome\skin\mail.png c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png c:\program files\whitesmoketoolbar\chrome\skin\modify.png c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png c:\program files\whitesmoketoolbar\chrome\skin\music.png c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css c:\program files\whitesmoketoolbar\chrome\skin\networkIcons_png c:\program files\whitesmoketoolbar\chrome\skin\news.png c:\program files\whitesmoketoolbar\chrome\skin\options\options-main.png c:\program files\whitesmoketoolbar\chrome\skin\options\options-search.png c:\program files\whitesmoketoolbar\chrome\skin\options\options-weather.png c:\program files\whitesmoketoolbar\chrome\skin\options\options-widgets.png c:\program files\whitesmoketoolbar\chrome\skin\orange.gif c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png c:\program files\whitesmoketoolbar\chrome\skin\rss.png c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif c:\program 
files\whitesmoketoolbar\chrome\skin\rsstopback.gif c:\program files\whitesmoketoolbar\chrome\skin\search-over.png c:\program files\whitesmoketoolbar\chrome\skin\search.png c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png c:\program files\whitesmoketoolbar\chrome\skin\settings.png c:\program files\whitesmoketoolbar\chrome\skin\shopping.png c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png c:\program files\whitesmoketoolbar\chrome\skin\skin.xml c:\program files\whitesmoketoolbar\chrome\skin\spain_png c:\program files\whitesmoketoolbar\chrome\skin\technorati.png c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png c:\program files\whitesmoketoolbar\chrome\skin\translate.png c:\program files\whitesmoketoolbar\chrome\skin\Translate_png c:\program files\whitesmoketoolbar\chrome\skin\Translate_png_png c:\program files\whitesmoketoolbar\chrome\skin\TRUSTe_about.png c:\program files\whitesmoketoolbar\chrome\skin\TV_icon3_png c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png c:\program files\whitesmoketoolbar\chrome\skin\tvIcons_png c:\program files\whitesmoketoolbar\chrome\skin\usa_png c:\program files\whitesmoketoolbar\chrome\skin\vmn.css c:\program files\whitesmoketoolbar\chrome\skin\vmn.png c:\program files\whitesmoketoolbar\chrome\skin\web.png c:\program 
files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png
c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png
c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png
c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif
c:\program files\whitesmoketoolbar\chrome\skin\youtube.png
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png
c:\program files\whitesmoketoolbar\components\windowmediator.js
c:\program files\whitesmoketoolbar\manifest.xml
c:\program files\whitesmoketoolbar\toolbar.xml
c:\program files\whitesmoketoolbar\uninstall.exe
c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll
c:\users\Muntgamry\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite
c:\windows\system32\certstore.dat
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\Mom\AppData\Local\temp
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\Faith\AppData\Local\temp
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\Dani\AppData\Local\temp
2011-01-25 08:30 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48140ADE-B161-4793-AC7E-8564B3B03F71}\mpengine.dll
2011-01-24 17:44 . 2011-01-24 17:44 -------- d-----w- c:\users\Muntgamry\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
2011-01-24 17:34 . 2011-01-24 17:34 -------- d-----w- c:\users\Muntgamry\AppData\Local\Mozilla
2011-01-19 02:16 . 2010-09-24 20:56 303824 ----a-w- c:\windows\system32\ICF.dll
2011-01-19 02:16 . 2010-09-24 20:56 281304 ----a-w- c:\windows\sediag.exe
2011-01-19 02:16 . 2010-09-24 20:56 189952 ----a-w- c:\windows\SERecat.exe
2011-01-19 02:16 . 2010-09-24 20:56 320216 ----a-w- c:\windows\system32\seinst.dll
2011-01-19 02:16 . 2011-01-19 02:59 -------- d-----w- c:\program files\Internet Content Filter
2011-01-18 23:55 . 2011-01-18 23:55 -------- d-----w- c:\users\Muntgamry\AppData\Local\ESET
2011-01-18 23:53 . 2011-01-18 23:53 -------- d-----w- c:\program files\ESET
2011-01-18 16:22 . 2011-01-18 16:22 -------- d-----w- c:\program files\CCleaner
2011-01-04 01:46 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 01:46 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-26 09:58 . 2010-12-26 09:58 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-15 16:12 . 2010-05-16 02:44 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-15 16:12 . 2010-05-16 02:44 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-15 16:12 . 2010-05-16 02:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-15 16:12 . 2010-05-16 02:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-06 07:19 . 2010-11-06 07:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 07:19 . 2010-11-06 07:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-06 07:19 . 2010-11-06 07:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-04 05:52 . 2010-12-15 19:08 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 19:08 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 19:08 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 19:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 19:08 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 19:08 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 19:08 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 19:08 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 19:08 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 19:08 179712 ----a-w- c:\windows\system32\schtasks.exe
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Alienware\Alienware TactX Keyboard CI\txkbci .exe
c:\program files\Alienware\Command Center\AlienwareAlienFXController .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DAEMON Tools Lite\DTLite .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Jumi\jumi .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Microsoft Office\Office14\BCSSync .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Steam\Steam .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"CtaMon"="CtaMon.dll" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DRSpawner.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DRSpawner.lnk
backup=c:\windows\pss\DRSpawner.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
backup=c:\windows\pss\Kaspersky Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\DTLite.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JumiController]
c:\program files\Jumi\jumi.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\Steam\Steam.exe [N/A]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-08-14 17408]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-03 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-15 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2010-09-24 233472]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1001Core.job
- c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 03:33]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1001UA.job
- c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 03:33]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1006Core.job
- c:\users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-11 21:23]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1006UA.job
- c:\users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-11 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\System32\icf.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Muntgamry\AppData\Roaming\Mozilla\Firefox\Profiles\351roii5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-(Anti_Malware_Pro)_is1 - c:\program files\AntiMalware Pro\unins000.exe
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 260 - c:\program files\Steam\steam.exe
AddRemove-Steam App 32370 - c:\program files\Steam\steam.exe
AddRemove-Steam App 32470 - c:\program files\Steam\steam.exe
AddRemove-Steam App 38730 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Steam App 520 - c:\program files\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files\Steam\steam.exe
AddRemove-Steam App 6020 - c:\program files\Steam\steam.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f0,d2,3a,ff,cf,4b,4d,b0,ec,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f0,d2,3a,ff,cf,4b,4d,b0,ec,3a,\

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-28 19:58:31
ComboFix-quarantined-files.txt 2011-01-29 01:58

Pre-Run: 135,909,867,520 bytes free
Post-Run: 136,227,753,984 bytes free

- - End Of File - - A3F10881753F7C47354B76183097D557
  5. DDS (Ver_10-12-12.02) - NTFSx86
Run by Muntgamry at 19:14:30.10 on Fri 01/28/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1154 [GMT -6:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Muntgamry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Muntgamry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Muntgamry\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll
uRun: [Google Update] "c:\users\muntgamry\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
mRun: [CtaMon] Rundll32 CtaMon.dll,RunMonitor
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\icf.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\muntga~1\appdata\roaming\mozilla\firefox\profiles\351roii5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\sony online entertainment\station launcher\npsoe.dll
FF - plugin: c:\users\muntgamry\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-11-15 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-15 47640]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2011-1-18 233472]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-8-14 17408]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-3 1343400]

=============== Created Last 30 ================

2011-01-25 22:51:39 -------- d-----w- c:\program files\whitesmoketoolbar
2011-01-25 08:30:14 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{48140ade-b161-4793-ac7e-8564b3b03f71}\mpengine.dll
2011-01-24 17:44:28 -------- d-----w- c:\users\muntga~1\appdata\roaming\{90140011-0062-0409-0000-0000000FF1CE}
2011-01-24 17:34:29 -------- d-----w- c:\users\muntga~1\appdata\local\Mozilla
2011-01-24 17:34:04 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-01-24 17:34:01 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-01-24 17:34:01 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-01-24 17:34:00 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-01-19 02:16:25 320216 ----a-w- c:\windows\system32\seinst.dll
2011-01-19 02:16:25 303824 ----a-w- c:\windows\system32\ICF.dll
2011-01-19 02:16:25 281304 ----a-w- c:\windows\sediag.exe
2011-01-19 02:16:25 189952 ----a-w- c:\windows\SERecat.exe
2011-01-19 02:16:24 -------- d-----w- c:\program files\Internet Content Filter
2011-01-18 23:55:27 -------- d-----w- c:\users\muntga~1\appdata\local\ESET
2011-01-18 23:53:40 -------- d-----w- c:\program files\ESET
2011-01-18 23:31:14 -------- d-----w- c:\windows\pss
2011-01-18 16:22:06 -------- d-----w- c:\program files\CCleaner
2011-01-04 01:46:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 01:46:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 00:33:24 -------- d-----w- c:\program files\Search Toolbar

==================== Find3M ====================

2010-12-15 16:12:03 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-15 16:12:03 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-15 16:12:03 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-15 16:12:03 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-11-06 07:19:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 07:19:54 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-06 07:19:54 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

============= FINISH: 19:15:45.57 ===============
  6. Do you want me to post the DDS.txt and Attach.txt?
  7. No. There was skip, quarantine, and delete I believe.
  8. 2011/01/28 18:59:17.0462 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/28 18:59:17.0462 ================================================================================
2011/01/28 18:59:17.0462 SystemInfo:
2011/01/28 18:59:17.0462
2011/01/28 18:59:17.0462 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/28 18:59:17.0462 Product type: Workstation
2011/01/28 18:59:17.0462 ComputerName: MUNTGAMRY-PC
2011/01/28 18:59:17.0462 UserName: Muntgamry
2011/01/28 18:59:17.0462 Windows directory: C:\Windows
2011/01/28 18:59:17.0462 System windows directory: C:\Windows
2011/01/28 18:59:17.0462 Processor architecture: Intel x86
2011/01/28 18:59:17.0462 Number of processors: 2
2011/01/28 18:59:17.0462 Page size: 0x1000
2011/01/28 18:59:17.0462 Boot type: Normal boot
2011/01/28 18:59:17.0462 ================================================================================
2011/01/28 18:59:20.0068 Initialize success
2011/01/28 18:59:22.0595 ================================================================================
2011/01/28 18:59:22.0595 Scan started
2011/01/28 18:59:22.0595 Mode: Manual;
2011/01/28 18:59:22.0595 ================================================================================
18:59:33.0825 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys 2011/01/28 18:59:33.0887 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys 2011/01/28 18:59:33.0965 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/01/28 18:59:33.0996 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/01/28 18:59:34.0028 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/01/28 18:59:34.0059 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/01/28 18:59:34.0106 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/01/28 18:59:34.0199 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/01/28 18:59:34.0199 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/01/28 18:59:34.0199 sptd - detected Locked file (1) 2011/01/28 18:59:34.0262 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2011/01/28 18:59:34.0324 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2011/01/28 18:59:34.0371 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2011/01/28 18:59:34.0464 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/01/28 18:59:34.0511 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/01/28 18:59:34.0589 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/01/28 18:59:34.0636 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/01/28 18:59:34.0854 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/01/28 18:59:34.0995 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/01/28 
18:59:35.0088 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/01/28 18:59:35.0120 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/01/28 18:59:35.0151 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/01/28 18:59:35.0182 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/01/28 18:59:35.0260 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/01/28 18:59:35.0369 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/01/28 18:59:35.0400 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/01/28 18:59:35.0432 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/01/28 18:59:35.0494 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/01/28 18:59:35.0572 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/01/28 18:59:35.0619 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/01/28 18:59:35.0650 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/01/28 18:59:35.0775 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys 2011/01/28 18:59:35.0806 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 2011/01/28 18:59:35.0837 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/01/28 18:59:35.0884 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/01/28 18:59:35.0931 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/01/28 18:59:35.0978 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/01/28 18:59:36.0009 usbohci (a6fb7957ea7afb1165991e54ce934b74) 
C:\Windows\system32\DRIVERS\usbohci.sys 2011/01/28 18:59:36.0056 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/01/28 18:59:36.0102 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/01/28 18:59:36.0134 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/01/28 18:59:36.0196 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/01/28 18:59:36.0258 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/01/28 18:59:36.0305 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/01/28 18:59:36.0336 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/01/28 18:59:36.0368 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/01/28 18:59:36.0414 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/01/28 18:59:36.0446 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/01/28 18:59:36.0477 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/01/28 18:59:36.0524 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/01/28 18:59:36.0570 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/01/28 18:59:36.0617 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/01/28 18:59:36.0664 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/01/28 18:59:36.0695 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/01/28 18:59:36.0773 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/01/28 18:59:36.0851 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/01/28 18:59:36.0867 WANARP 
(692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/01/28 18:59:36.0898 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/01/28 18:59:37.0007 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/01/28 18:59:37.0038 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/01/28 18:59:37.0116 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/01/28 18:59:37.0148 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/01/28 18:59:37.0304 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/01/28 18:59:37.0366 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/01/28 18:59:37.0475 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/01/28 18:59:37.0538 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/01/28 18:59:37.0569 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/01/28 18:59:37.0647 ================================================================================ 2011/01/28 18:59:37.0647 Scan finished 2011/01/28 18:59:37.0647 ================================================================================ 2011/01/28 18:59:37.0662 Detected object count: 1 2011/01/28 18:59:50.0782 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot 2011/01/28 18:59:50.0798 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot 2011/01/28 18:59:50.0829 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot 2011/01/28 18:59:50.0860 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot 2011/01/28 18:59:50.0860 Locked file(sptd) - User select action: Delete 2011/01/28 18:59:55.0244 Deinitialize success
  9. 2011/01/28 18:46:14.0244 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
     2011/01/28 18:46:14.0244 ================================================================================
     2011/01/28 18:46:14.0244 SystemInfo:
     2011/01/28 18:46:14.0244
     2011/01/28 18:46:14.0244 OS Version: 6.1.7600 ServicePack: 0.0
     2011/01/28 18:46:14.0244 Product type: Workstation
     2011/01/28 18:46:14.0244 ComputerName: MUNTGAMRY-PC
     2011/01/28 18:46:14.0244 UserName: Muntgamry
     2011/01/28 18:46:14.0244 Windows directory: C:\Windows
     2011/01/28 18:46:14.0244 System windows directory: C:\Windows
     2011/01/28 18:46:14.0244 Processor architecture: Intel x86
     2011/01/28 18:46:14.0244 Number of processors: 2
     2011/01/28 18:46:14.0244 Page size: 0x1000
     2011/01/28 18:46:14.0244 Boot type: Normal boot
     2011/01/28 18:46:14.0244 ================================================================================
     2011/01/28 18:46:18.0222 Initialize success
     2011/01/28 18:46:20.0328 ================================================================================
     2011/01/28 18:46:20.0328 Scan started
     2011/01/28 18:46:20.0328 Mode: Manual;
     2011/01/28 18:46:20.0328 ================================================================================
     2011/01/28 18:46:39.0485 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
     2011/01/28 18:46:39.0501 sptd - detected Locked file (1)
C:\Windows\system32\DRIVERS\usbohci.sys 2011/01/28 18:46:41.0669 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/01/28 18:46:41.0716 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/01/28 18:46:41.0763 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/01/28 18:46:41.0825 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/01/28 18:46:41.0872 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/01/28 18:46:41.0919 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/01/28 18:46:41.0997 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/01/28 18:46:42.0106 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/01/28 18:46:42.0168 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/01/28 18:46:42.0215 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/01/28 18:46:42.0278 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/01/28 18:46:42.0324 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/01/28 18:46:42.0387 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/01/28 18:46:42.0449 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/01/28 18:46:42.0527 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/01/28 18:46:42.0558 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/01/28 18:46:42.0636 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/01/28 18:46:42.0730 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/01/28 18:46:42.0933 WANARP 
(692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/01/28 18:46:42.0980 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/01/28 18:46:43.0229 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/01/28 18:46:43.0307 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/01/28 18:46:43.0401 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/01/28 18:46:43.0448 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/01/28 18:46:43.0604 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/01/28 18:46:43.0713 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/01/28 18:46:43.0791 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/01/28 18:46:43.0869 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/01/28 18:46:44.0040 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/01/28 18:46:44.0118 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/01/28 18:46:44.0150 ================================================================================ 2011/01/28 18:46:44.0150 Scan finished 2011/01/28 18:46:44.0150 ================================================================================ 2011/01/28 18:46:44.0165 Detected object count: 2 2011/01/28 18:47:20.0435 Locked file(sptd) - User select action: Skip 2011/01/28 18:47:20.0467 \HardDisk0 - will be cured after reboot 2011/01/28 18:47:20.0467 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/01/28 18:47:31.0480 Deinitialize success
  10. When I try to remove WhiteSmoke from add/remove programs this pops up. One or more of the WhiteSmoke files are locked by the 'WSTrayDictMode.exe' process. Please switch to this process to close it and try again
  11. DDS (Ver_10-12-12.02) - NTFSx86
Run by Muntgamry at 17:47:17.78 on Fri 01/28/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1134 [GMT -6:00]
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST3250820AS rev.3.ADG -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864DE555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x864e47b0]; MOV EAX, [0x864e482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8324E458] -> \Device\Harddisk0\DR0[0x864C0030]
3 CLASSPNP[0x898D459E] -> ntkrnlpa!IofCallDriver[0x8324E458] -> [0x864EFCB0]
\Driver\atapi[0x864C5C50] -> IRP_MJ_CREATE -> 0x864DE555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3250820AS_____________________________3.ADG___#5&7935f70&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488281248 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 17:48:34.69 ===============
Attach.txt
  12. Hey, I got the Whitesmoke thing on one of my computers, and was trying to find a solution to it... after reading a couple of topics here, it seems that each computer requires a different solution based on the logs? If that's what it is, I'm sorry to bother, but I'd like some help. It seems that just running Malwarebytes won't solve it... What are the steps I should follow? Thanks, Dan.