Posts posted by _dan_
Seems to be running OK...
Adobe ARM is part of Adobe Reader, right? So just re-download that and install?
-
ComboFix 11-01-28.01 - Muntgamry 01/28/2011 20:16:02.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.885 [GMT -6:00]
Running from: c:\users\Muntgamry\Desktop\ComboFix.exe
Command switches used :: c:\users\Muntgamry\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.
2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\Mom\AppData\Local\temp
2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\Faith\AppData\Local\temp
2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-29 02:23 . 2011-01-29 02:23 -------- d-----w- c:\users\Dani\AppData\Local\temp
2011-01-25 08:30 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48140ADE-B161-4793-AC7E-8564B3B03F71}\mpengine.dll
2011-01-24 17:44 . 2011-01-24 17:44 -------- d-----w- c:\users\Muntgamry\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
2011-01-24 17:34 . 2011-01-24 17:34 -------- d-----w- c:\users\Muntgamry\AppData\Local\Mozilla
2011-01-19 02:16 . 2010-09-24 20:56 303824 ----a-w- c:\windows\system32\ICF.dll
2011-01-19 02:16 . 2010-09-24 20:56 281304 ----a-w- c:\windows\sediag.exe
2011-01-19 02:16 . 2010-09-24 20:56 189952 ----a-w- c:\windows\SERecat.exe
2011-01-19 02:16 . 2010-09-24 20:56 320216 ----a-w- c:\windows\system32\seinst.dll
2011-01-19 02:16 . 2011-01-19 02:59 -------- d-----w- c:\program files\Internet Content Filter
2011-01-18 23:55 . 2011-01-18 23:55 -------- d-----w- c:\users\Muntgamry\AppData\Local\ESET
2011-01-18 23:53 . 2011-01-18 23:53 -------- d-----w- c:\program files\ESET
2011-01-18 16:22 . 2011-01-18 16:22 -------- d-----w- c:\program files\CCleaner
2011-01-04 01:46 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 01:46 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-26 09:58 . 2010-12-26 09:58 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-15 16:12 . 2010-05-16 02:44 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-15 16:12 . 2010-05-16 02:44 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-15 16:12 . 2010-05-16 02:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-15 16:12 . 2010-05-16 02:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-06 07:19 . 2010-11-06 07:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 07:19 . 2010-11-06 07:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-06 07:19 . 2010-11-06 07:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-04 05:52 . 2010-12-15 19:08 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 19:08 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 19:08 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 19:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 19:08 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 19:08 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 19:08 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 19:08 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 19:08 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 19:08 179712 ----a-w- c:\windows\system32\schtasks.exe
.
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-19 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"CtaMon"="CtaMon.dll" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DRSpawner.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DRSpawner.lnk
backup=c:\windows\pss\DRSpawner.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
backup=c:\windows\pss\Kaspersky Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JumiController]
2010-12-15 21:25 2266624 ----a-w- c:\program files\Jumi\jumi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-19 23:11 1242448 ----a-w- c:\program files\Steam\Steam.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-08-14 17408]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-03 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-15 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2010-09-24 233472]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
Contents of the 'Scheduled Tasks' folder
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1001Core.job
- c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 03:33]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1001UA.job
- c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 03:33]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1006Core.job
- c:\users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-11 21:23]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1006UA.job
- c:\users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-11 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\System32\icf.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Muntgamry\AppData\Roaming\Mozilla\Firefox\Profiles\351roii5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f0,d2,3a,ff,cf,4b,4d,b0,ec,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f0,d2,3a,ff,cf,4b,4d,b0,ec,3a,\
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-01-28 20:28:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-29 02:28
ComboFix2.txt 2011-01-29 01:58
Pre-Run: 136,139,165,696 bytes free
Post-Run: 135,829,716,992 bytes free
- - End Of File - - 7AC93649DF1E487484686E9FA5F8AB47
-
ComboFix 11-01-28.01 - Muntgamry 01/28/2011 19:33:54.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1137 [GMT -6:00]
Running from: c:\users\Muntgamry\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AntiMalware Pro
c:\program files\AntiMalware Pro\E_PMA.dll
c:\program files\AntiMalware Pro\unins000.exe
c:\program files\Search Toolbar
c:\program files\whitesmoketoolbar
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png
c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif
c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png
c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png
c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png
c:\program files\whitesmoketoolbar\chrome\skin\logo.png
c:\program files\whitesmoketoolbar\chrome\skin\mail.png
c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif
c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png
c:\program files\whitesmoketoolbar\chrome\skin\modify.png
c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png
c:\program files\whitesmoketoolbar\chrome\skin\music.png
c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css
c:\program files\whitesmoketoolbar\chrome\skin\networkIcons_png
c:\program files\whitesmoketoolbar\chrome\skin\news.png
c:\program files\whitesmoketoolbar\chrome\skin\options\options-main.png
c:\program files\whitesmoketoolbar\chrome\skin\options\options-search.png
c:\program files\whitesmoketoolbar\chrome\skin\options\options-weather.png
c:\program files\whitesmoketoolbar\chrome\skin\options\options-widgets.png
c:\program files\whitesmoketoolbar\chrome\skin\orange.gif
c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png
c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png
c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png
c:\program files\whitesmoketoolbar\chrome\skin\rss.png
c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png
c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif
c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif
c:\program files\whitesmoketoolbar\chrome\skin\search-over.png
c:\program files\whitesmoketoolbar\chrome\skin\search.png
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\whitesmoketoolbar\chrome\skin\settings.png
c:\program files\whitesmoketoolbar\chrome\skin\shopping.png
c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png
c:\program files\whitesmoketoolbar\chrome\skin\skin.xml
c:\program files\whitesmoketoolbar\chrome\skin\spain_png
c:\program files\whitesmoketoolbar\chrome\skin\technorati.png
c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif
c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png
c:\program files\whitesmoketoolbar\chrome\skin\translate.png
c:\program files\whitesmoketoolbar\chrome\skin\Translate_png
c:\program files\whitesmoketoolbar\chrome\skin\Translate_png_png
c:\program files\whitesmoketoolbar\chrome\skin\TRUSTe_about.png
c:\program files\whitesmoketoolbar\chrome\skin\TV_icon3_png
c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png
c:\program files\whitesmoketoolbar\chrome\skin\tvIcons_png
c:\program files\whitesmoketoolbar\chrome\skin\usa_png
c:\program files\whitesmoketoolbar\chrome\skin\vmn.css
c:\program files\whitesmoketoolbar\chrome\skin\vmn.png
c:\program files\whitesmoketoolbar\chrome\skin\web.png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png
c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png
c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png
c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif
c:\program files\whitesmoketoolbar\chrome\skin\youtube.png
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png
c:\program files\whitesmoketoolbar\components\windowmediator.js
c:\program files\whitesmoketoolbar\manifest.xml
c:\program files\whitesmoketoolbar\toolbar.xml
c:\program files\whitesmoketoolbar\uninstall.exe
c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll
c:\users\Muntgamry\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite
c:\windows\system32\certstore.dat
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\Mom\AppData\Local\temp
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\Faith\AppData\Local\temp
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-29 01:45 . 2011-01-29 01:45 -------- d-----w- c:\users\Dani\AppData\Local\temp
2011-01-25 08:30 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48140ADE-B161-4793-AC7E-8564B3B03F71}\mpengine.dll
2011-01-24 17:44 . 2011-01-24 17:44 -------- d-----w- c:\users\Muntgamry\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
2011-01-24 17:34 . 2011-01-24 17:34 -------- d-----w- c:\users\Muntgamry\AppData\Local\Mozilla
2011-01-19 02:16 . 2010-09-24 20:56 303824 ----a-w- c:\windows\system32\ICF.dll
2011-01-19 02:16 . 2010-09-24 20:56 281304 ----a-w- c:\windows\sediag.exe
2011-01-19 02:16 . 2010-09-24 20:56 189952 ----a-w- c:\windows\SERecat.exe
2011-01-19 02:16 . 2010-09-24 20:56 320216 ----a-w- c:\windows\system32\seinst.dll
2011-01-19 02:16 . 2011-01-19 02:59 -------- d-----w- c:\program files\Internet Content Filter
2011-01-18 23:55 . 2011-01-18 23:55 -------- d-----w- c:\users\Muntgamry\AppData\Local\ESET
2011-01-18 23:53 . 2011-01-18 23:53 -------- d-----w- c:\program files\ESET
2011-01-18 16:22 . 2011-01-18 16:22 -------- d-----w- c:\program files\CCleaner
2011-01-04 01:46 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 01:46 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-26 09:58 . 2010-12-26 09:58 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-15 16:12 . 2010-05-16 02:44 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-15 16:12 . 2010-05-16 02:44 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-15 16:12 . 2010-05-16 02:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-15 16:12 . 2010-05-16 02:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-06 07:19 . 2010-11-06 07:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 07:19 . 2010-11-06 07:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-06 07:19 . 2010-11-06 07:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-04 05:52 . 2010-12-15 19:08 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 19:08 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 19:08 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 19:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 19:08 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 19:08 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 19:08 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 19:08 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 19:08 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 19:08 179712 ----a-w- c:\windows\system32\schtasks.exe
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Alienware\Alienware TactX Keyboard CI\txkbci .exe
c:\program files\Alienware\Command Center\AlienwareAlienFXController .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DAEMON Tools Lite\DTLite .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Jumi\jumi .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Microsoft Office\Office14\BCSSync .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Steam\Steam .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-19 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"CtaMon"="CtaMon.dll" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DRSpawner.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DRSpawner.lnk
backup=c:\windows\pss\DRSpawner.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
backup=c:\windows\pss\Kaspersky Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\DTLite.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JumiController]
c:\program files\Jumi\jumi.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\Steam\Steam.exe [N/A]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-08-14 17408]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-03 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-15 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2010-09-24 233472]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
Contents of the 'Scheduled Tasks' folder
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1001Core.job
- c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 03:33]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1001UA.job
- c:\users\Muntgamry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 03:33]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1006Core.job
- c:\users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-11 21:23]
2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786660553-4176653562-2110547222-1006UA.job
- c:\users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-11 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\System32\icf.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Muntgamry\AppData\Roaming\Mozilla\Firefox\Profiles\351roii5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-klmdb.sys
AddRemove-(Anti_Malware_Pro)_is1 - c:\program files\AntiMalware Pro\unins000.exe
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 260 - c:\program files\Steam\steam.exe
AddRemove-Steam App 32370 - c:\program files\Steam\steam.exe
AddRemove-Steam App 32470 - c:\program files\Steam\steam.exe
AddRemove-Steam App 38730 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Steam App 520 - c:\program files\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files\Steam\steam.exe
AddRemove-Steam App 6020 - c:\program files\Steam\steam.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f0,d2,3a,ff,cf,4b,4d,b0,ec,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,f0,d2,3a,ff,cf,4b,4d,b0,ec,3a,\
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-28 19:58:31
ComboFix-quarantined-files.txt 2011-01-29 01:58
Pre-Run: 135,909,867,520 bytes free
Post-Run: 136,227,753,984 bytes free
- - End Of File - - A3F10881753F7C47354B76183097D557
-
DDS (Ver_10-12-12.02) - NTFSx86
Run by Muntgamry at 19:14:30.10 on Fri 01/28/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1154 [GMT -6:00]
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Muntgamry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Muntgamry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Muntgamry\Desktop\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll
uRun: [Google Update] "c:\users\muntgamry\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
mRun: [CtaMon] Rundll32 CtaMon.dll,RunMonitor
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\icf.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\muntga~1\appdata\roaming\mozilla\firefox\profiles\351roii5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\sony online entertainment\station launcher\npsoe.dll
FF - plugin: c:\users\muntgamry\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
============= SERVICES / DRIVERS ===============
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-11-15 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-15 47640]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2011-1-18 233472]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-8-14 17408]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-3 1343400]
=============== Created Last 30 ================
2011-01-25 22:51:39 -------- d-----w- c:\program files\whitesmoketoolbar
2011-01-25 08:30:14 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{48140ade-b161-4793-ac7e-8564b3b03f71}\mpengine.dll
2011-01-24 17:44:28 -------- d-----w- c:\users\muntga~1\appdata\roaming\{90140011-0062-0409-0000-0000000FF1CE}
2011-01-24 17:34:29 -------- d-----w- c:\users\muntga~1\appdata\local\Mozilla
2011-01-24 17:34:04 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-01-24 17:34:01 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-01-24 17:34:01 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-01-24 17:34:00 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-01-19 02:16:25 320216 ----a-w- c:\windows\system32\seinst.dll
2011-01-19 02:16:25 303824 ----a-w- c:\windows\system32\ICF.dll
2011-01-19 02:16:25 281304 ----a-w- c:\windows\sediag.exe
2011-01-19 02:16:25 189952 ----a-w- c:\windows\SERecat.exe
2011-01-19 02:16:24 -------- d-----w- c:\program files\Internet Content Filter
2011-01-18 23:55:27 -------- d-----w- c:\users\muntga~1\appdata\local\ESET
2011-01-18 23:53:40 -------- d-----w- c:\program files\ESET
2011-01-18 23:31:14 -------- d-----w- c:\windows\pss
2011-01-18 16:22:06 -------- d-----w- c:\program files\CCleaner
2011-01-04 01:46:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 01:46:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 00:33:24 -------- d-----w- c:\program files\Search Toolbar
==================== Find3M ====================
2010-12-15 16:12:03 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-15 16:12:03 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-15 16:12:03 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-15 16:12:03 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-11-06 07:19:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 07:19:54 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-06 07:19:54 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
============= FINISH: 19:15:45.57 ===============
-
Do you want me to post the DDS.txt and Attach.txt?
-
No. There was skip, quarantine, and delete I believe.
-
2011/01/28 18:59:17.0462 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/28 18:59:17.0462 ================================================================================
2011/01/28 18:59:17.0462 SystemInfo:
2011/01/28 18:59:17.0462
2011/01/28 18:59:17.0462 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/28 18:59:17.0462 Product type: Workstation
2011/01/28 18:59:17.0462 ComputerName: MUNTGAMRY-PC
2011/01/28 18:59:17.0462 UserName: Muntgamry
2011/01/28 18:59:17.0462 Windows directory: C:\Windows
2011/01/28 18:59:17.0462 System windows directory: C:\Windows
2011/01/28 18:59:17.0462 Processor architecture: Intel x86
2011/01/28 18:59:17.0462 Number of processors: 2
2011/01/28 18:59:17.0462 Page size: 0x1000
2011/01/28 18:59:17.0462 Boot type: Normal boot
2011/01/28 18:59:17.0462 ================================================================================
2011/01/28 18:59:20.0068 Initialize success
2011/01/28 18:59:22.0595 ================================================================================
2011/01/28 18:59:22.0595 Scan started
2011/01/28 18:59:22.0595 Mode: Manual;
2011/01/28 18:59:22.0595 ================================================================================
2011/01/28 18:59:23.0063 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/28 18:59:23.0141 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/28 18:59:23.0172 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/28 18:59:23.0203 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/28 18:59:23.0266 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/28 18:59:23.0328 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/28 18:59:23.0406 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/01/28 18:59:23.0437 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/28 18:59:23.0468 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/01/28 18:59:23.0515 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/28 18:59:23.0546 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/01/28 18:59:23.0562 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/28 18:59:23.0593 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/28 18:59:23.0656 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/28 18:59:23.0702 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/28 18:59:23.0749 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/28 18:59:23.0796 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/28 18:59:23.0843 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/01/28 18:59:23.0936 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/01/28 18:59:23.0983 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/28 18:59:24.0030 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/28 18:59:24.0061 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/28 18:59:24.0311 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/28 18:59:24.0529 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/01/28 18:59:24.0592 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/01/28 18:59:24.0670 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/01/28 18:59:24.0763 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/28 18:59:24.0810 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/28 18:59:24.0841 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/28 18:59:24.0872 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/28 18:59:24.0950 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/01/28 18:59:24.0982 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/28 18:59:24.0997 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/28 18:59:25.0060 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/28 18:59:25.0106 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/28 18:59:25.0184 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/28 18:59:25.0216 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/28 18:59:25.0278 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/28 18:59:25.0325 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/01/28 18:59:25.0450 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/28 18:59:25.0481 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/28 18:59:25.0528 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/01/28 18:59:25.0574 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/28 18:59:25.0621 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/28 18:59:25.0668 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/28 18:59:25.0730 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/01/28 18:59:25.0840 Ctafiltv (a48b5af8e18e4765acdec5bbb8343f84) C:\Windows\system32\drivers\Ctafiltv.sys
2011/01/28 18:59:25.0918 dc3d (4d926450ab184bf42aec1401d264acdc) C:\Windows\system32\DRIVERS\dc3d.sys
2011/01/28 18:59:25.0996 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/01/28 18:59:26.0042 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/01/28 18:59:26.0074 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/01/28 18:59:26.0143 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/01/28 18:59:26.0205 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/28 18:59:26.0285 eamonm (bf14fbabd52e9522456d3a2f6e7e76e4) C:\Windows\system32\DRIVERS\eamonm.sys
2011/01/28 18:59:26.0411 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/01/28 18:59:26.0556 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/01/28 18:59:26.0646 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/28 18:59:26.0708 epfwwfpr (96f9030ca15a8d2e8d44e53c1f0e842d) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/01/28 18:59:26.0736 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/28 18:59:26.0809 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/01/28 18:59:26.0858 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/01/28 18:59:26.0903 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/28 18:59:26.0961 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/01/28 18:59:27.0003 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/01/28 18:59:27.0037 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/28 18:59:27.0073 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/01/28 18:59:27.0156 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/01/28 18:59:27.0214 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/28 18:59:27.0271 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/28 18:59:27.0322 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/28 18:59:27.0382 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/28 18:59:27.0437 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/28 18:59:27.0504 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/01/28 18:59:27.0537 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/28 18:59:27.0564 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/28 18:59:27.0592 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/28 18:59:27.0621 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/28 18:59:27.0655 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/28 18:59:27.0725 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/28 18:59:27.0772 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/01/28 18:59:27.0834 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/28 18:59:27.0866 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/28 18:59:27.0897 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/28 18:59:27.0944 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/28 18:59:28.0006 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/28 18:59:28.0037 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/28 18:59:28.0084 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/28 18:59:28.0131 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/28 18:59:28.0178 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/01/28 18:59:28.0209 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/01/28 18:59:28.0271 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/28 18:59:28.0334 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/28 18:59:28.0412 jumi (ee894427ac0b2b2c2c8b32cb78357dae) C:\Windows\system32\DRIVERS\jumi.sys
2011/01/28 18:59:28.0474 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/28 18:59:28.0521 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/28 18:59:28.0552 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/28 18:59:28.0599 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/28 18:59:28.0692 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/28 18:59:28.0817 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/01/28 18:59:28.0911 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
2011/01/28 18:59:29.0004 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
2011/01/28 18:59:29.0082 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/28 18:59:29.0129 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/28 18:59:29.0176 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/28 18:59:29.0192 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/28 18:59:29.0223 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/01/28 18:59:29.0270 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/28 18:59:29.0301 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/28 18:59:29.0363 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/01/28 18:59:34.0199 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/01/28 18:59:34.0199 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/28 18:59:34.0199 sptd - detected Locked file (1)
2011/01/28 18:59:37.0647 ================================================================================
2011/01/28 18:59:37.0647 Scan finished
2011/01/28 18:59:37.0647 ================================================================================
2011/01/28 18:59:37.0662 Detected object count: 1
2011/01/28 18:59:50.0782 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/01/28 18:59:50.0798 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/01/28 18:59:50.0829 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2011/01/28 18:59:50.0860 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/01/28 18:59:50.0860 Locked file(sptd) - User select action: Delete
2011/01/28 18:59:55.0244 Deinitialize success
-
2011/01/28 18:46:14.0244 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/28 18:46:14.0244 ================================================================================
2011/01/28 18:46:14.0244 SystemInfo:
2011/01/28 18:46:14.0244
2011/01/28 18:46:14.0244 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/28 18:46:14.0244 Product type: Workstation
2011/01/28 18:46:14.0244 ComputerName: MUNTGAMRY-PC
2011/01/28 18:46:14.0244 UserName: Muntgamry
2011/01/28 18:46:14.0244 Windows directory: C:\Windows
2011/01/28 18:46:14.0244 System windows directory: C:\Windows
2011/01/28 18:46:14.0244 Processor architecture: Intel x86
2011/01/28 18:46:14.0244 Number of processors: 2
2011/01/28 18:46:14.0244 Page size: 0x1000
2011/01/28 18:46:14.0244 Boot type: Normal boot
2011/01/28 18:46:14.0244 ================================================================================
2011/01/28 18:46:18.0222 Initialize success
2011/01/28 18:46:20.0328 ================================================================================
2011/01/28 18:46:20.0328 Scan started
2011/01/28 18:46:20.0328 Mode: Manual;
2011/01/28 18:46:20.0328 ================================================================================
2011/01/28 18:46:37.0067 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/28 18:46:37.0130 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/28 18:46:37.0192 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/28 18:46:37.0239 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/28 18:46:37.0317 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/28 18:46:37.0364 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/28 18:46:37.0426 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/01/28 18:46:37.0457 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/28 18:46:37.0551 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/28 18:46:37.0598 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/01/28 18:46:37.0676 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/01/28 18:46:37.0785 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/28 18:46:37.0832 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/01/28 18:46:37.0894 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/28 18:46:37.0941 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/28 18:46:38.0081 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/28 18:46:38.0206 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/28 18:46:38.0253 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/01/28 18:46:38.0315 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/28 18:46:38.0440 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/28 18:46:38.0487 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/28 18:46:38.0518 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/28 18:46:38.0549 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/28 18:46:38.0627 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/01/28 18:46:38.0814 Sftplay (cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/01/28 18:46:38.0877 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/01/28 18:46:38.0939 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/01/28 18:46:39.0033 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/01/28 18:46:39.0080 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/28 18:46:39.0126 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/28 18:46:39.0158 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/01/28 18:46:39.0251 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/01/28 18:46:39.0485 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/01/28 18:46:39.0485 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/28 18:46:39.0501 sptd - detected Locked file (1)
2011/01/28 18:46:44.0118 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/28 18:46:44.0150 ================================================================================
2011/01/28 18:46:44.0150 Scan finished
2011/01/28 18:46:44.0150 ================================================================================
2011/01/28 18:46:44.0165 Detected object count: 2
2011/01/28 18:47:20.0435 Locked file(sptd) - User select action: Skip
2011/01/28 18:47:20.0467 \HardDisk0 - will be cured after reboot
2011/01/28 18:47:20.0467 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/28 18:47:31.0480 Deinitialize success
-
When I try to remove WhiteSmoke from Add/Remove Programs, this pops up:
One or more of the WhiteSmoke files are locked by the
'WSTrayDictMode.exe' process.
Please switch to this process to close it and try again
-
DDS (Ver_10-12-12.02) - NTFSx86
Run by Muntgamry at 17:47:17.78 on Fri 01/28/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1134 [GMT -6:00]
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Whitesmoke Translator\WSTrayDictMode.exe
C:\Program Files\Whitesmoke Translator\WhiteSmokeDictRegistration.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Muntgamry\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll
uRun: [Google Update] "c:\users\muntgamry\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
mRun: [CtaMon] Rundll32 CtaMon.dll,RunMonitor
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [iCF] "c:\program files\internet content filter\SafeEyes.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke translator\WSTrayDictMode.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\icf.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\muntga~1\appdata\roaming\mozilla\firefox\profiles\351roii5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\sony online entertainment\station launcher\npsoe.dll
FF - plugin: c:\users\muntgamry\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
============= SERVICES / DRIVERS ===============
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-15 47640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
S3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-8-14 17408]
=============== Created Last 30 ================
2011-01-25 22:51:39 -------- d-----w- c:\program files\whitesmoketoolbar
2011-01-25 22:51:21 -------- d-----w- c:\program files\Whitesmoke Translator
2011-01-25 08:30:14 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{48140ade-b161-4793-ac7e-8564b3b03f71}\mpengine.dll
2011-01-24 17:44:28 -------- d-----w- c:\users\muntga~1\appdata\roaming\{90140011-0062-0409-0000-0000000FF1CE}
2011-01-24 17:34:29 -------- d-----w- c:\users\muntga~1\appdata\local\Mozilla
2011-01-24 17:34:04 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-01-24 17:34:01 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-01-24 17:34:01 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-01-24 17:34:00 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-01-19 02:16:25 320216 ----a-w- c:\windows\system32\seinst.dll
2011-01-19 02:16:25 303824 ----a-w- c:\windows\system32\ICF.dll
2011-01-19 02:16:25 281304 ----a-w- c:\windows\sediag.exe
2011-01-19 02:16:25 189952 ----a-w- c:\windows\SERecat.exe
2011-01-19 02:16:24 -------- d-----w- c:\program files\Internet Content Filter
2011-01-18 23:55:27 -------- d-----w- c:\users\muntga~1\appdata\local\ESET
2011-01-18 23:53:40 -------- d-----w- c:\program files\ESET
2011-01-18 23:31:14 -------- d-----w- c:\windows\pss
2011-01-18 16:22:06 -------- d-----w- c:\program files\CCleaner
2011-01-04 01:46:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 01:46:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 00:33:24 -------- d-----w- c:\program files\Search Toolbar
==================== Find3M ====================
2010-12-15 16:12:03 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-15 16:12:03 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-15 16:12:03 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-15 16:12:03 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-11-06 07:19:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 07:19:54 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-06 07:19:54 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST3250820AS rev.3.ADG -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864DE555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x864e47b0]; MOV EAX, [0x864e482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8324E458] -> \Device\Harddisk0\DR0[0x864C0030]
3 CLASSPNP[0x898D459E] -> ntkrnlpa!IofCallDriver[0x8324E458] -> [0x864EFCB0]
\Driver\atapi[0x864C5C50] -> IRP_MJ_CREATE -> 0x864DE555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3250820AS_____________________________3.ADG___#5&7935f70&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488281248 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 17:48:34.69 ===============
-
Hey,
I got the Whitesmoke thing on one of my computers, and was trying to find a solution to it... after reading a couple of topics here, it seems that each computer requires a different solution based on the logs?
If that's what it is, I'm sorry to bother, but I'd like some help.
It seems that just running Malwarebytes won't solve it...
What are the steps I should follow?
Thanks,
Dan.
Whitesmoke removal
in Resolved Malware Removal Logs
Posted
Thanks a lot for your help... I'm considering getting Malwarebytes Pro now... so that kind of thing doesn't happen again... such a pain to remove it.