
PC keeps crashing



Hello,

I'm currently running Windows 7 SP 1 but it seems to be infected pretty badly. I keep trying to run a lot of anti-spyware programs (Malwarebytes, ComboFix, AntiVir Personal, DDS, etc.) but my computer seems to crash every time I try to scan it, and now even when I'm not (maybe because AntiVir is running). Yesterday I was able to do a quick scan with Malwarebytes but it came up empty, so I ran a full scan overnight and it had one infection (I think it was tro/downloader.JVP or something like that) but when I tried to remove it my computer froze. Also, I was using Firefox and all of a sudden 16 new tabs would pop up but they were the same 3 over and over again. Eventually, whenever I tried to open it, it would just be a white page with no address bar, so I reinstalled. Today, when my computer crashed, Firefox disappeared (I'm guessing there was a system restore or something) and so now I'm using Internet Explorer, but that keeps opening new windows every once in a while to my homepage. Any help would be extremely appreciated, thank you.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:41:03 PM, on 6/26/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WerFault.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Lexmark 2600 Series\lxdnmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ooVoo\ooVoo.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ooVoo.exe] C:\program files\oovoo\oovoo.exe /minimized

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O15 - ESC Trusted Zone: http://*..webconference.com

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1290814240487

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe

O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe

O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9125 bytes


Hello Strohs7 and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download The Avira AntiVir Rescue System from here.
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.

At the boot option, please press the number 1 on your keyboard to select "1 Boot AntiVir Rescue System (default)" and press Enter, or just wait.

You will then see the graphical interface of Rescue CD loading modules and mounting devices. The default language is German, but you can change it to English anytime by clicking on the English flag on the lower-left side of the screen.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.

Then please go back to Virus scanner and click Start scanner.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

After you have run the Avira Rescue CD, please let me know how your system is running now. Then, we'll move on to the next step ;).


Hey, thanks for responding.

When I try to download from that link I get an error message that says "Unable to download rescuecd.exe from dl.antivir.de. Unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."


OK, I was able to download it (had to save target as...) and did the scan. There were 33 warnings and 2 reports. My computer definitely is faster than it was but it's still relatively slow. Internet Explorer is also still randomly opening up new windows (I'm not sure if this is even from a virus).


I just tried to download Firefox but I got the same message as before ("unable to download..."), I guess I can't download anything. :(

Don't worry, I'm here to help :).

If you can successfully run programs now, please proceed with the following instructions:

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt


Computer still is running relatively slow, same as after I booted it from the CD. Here are the logs:

TDS:

2011/06/30 18:43:45.0049 6116 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/06/30 18:43:45.0533 6116 ================================================================================

2011/06/30 18:43:45.0533 6116 SystemInfo:

2011/06/30 18:43:45.0533 6116

2011/06/30 18:43:45.0533 6116 OS Version: 6.1.7601 ServicePack: 1.0

2011/06/30 18:43:45.0533 6116 Product type: Workstation

2011/06/30 18:43:45.0533 6116 ComputerName: STEVE-PC

2011/06/30 18:43:45.0533 6116 UserName: Steve

2011/06/30 18:43:45.0533 6116 Windows directory: C:\Windows

2011/06/30 18:43:45.0533 6116 System windows directory: C:\Windows

2011/06/30 18:43:45.0533 6116 Processor architecture: Intel x86

2011/06/30 18:43:45.0533 6116 Number of processors: 2

2011/06/30 18:43:45.0533 6116 Page size: 0x1000

2011/06/30 18:43:45.0533 6116 Boot type: Normal boot

2011/06/30 18:43:45.0533 6116 ================================================================================

2011/06/30 18:43:49.0183 6116 Initialize success

2011/06/30 18:44:51.0100 4176 ================================================================================

2011/06/30 18:44:51.0100 4176 Scan started

2011/06/30 18:44:51.0100 4176 Mode: Manual;

2011/06/30 18:44:51.0100 4176 ================================================================================


2011/06/30 18:45:14.0656 4176 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/06/30 18:45:14.0750 4176 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/06/30 18:45:14.0843 4176 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/06/30 18:45:14.0906 4176 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/06/30 18:45:14.0999 4176 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/06/30 18:45:15.0483 4176 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/30 18:45:15.0826 4176 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/06/30 18:45:16.0029 4176 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/30 18:45:16.0169 4176 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/06/30 18:45:16.0388 4176 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/06/30 18:45:16.0466 4176 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/30 18:45:16.0544 4176 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/30 18:45:16.0637 4176 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/06/30 18:45:16.0809 4176 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/06/30 18:45:16.0902 4176 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/06/30 18:45:17.0043 4176 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/06/30 18:45:17.0370 4176 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/06/30 18:45:17.0651 4176 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/06/30 18:45:17.0698 4176 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/06/30 18:45:17.0776 4176 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/06/30 18:45:17.0870 4176 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/06/30 18:45:17.0963 4176 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/06/30 18:45:18.0057 4176 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/06/30 18:45:18.0603 4176 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/06/30 18:45:18.0806 4176 RSUSBSTOR (434dcf7ae4300c876aa40873e3113983) C:\Windows\system32\Drivers\RtsUStor.sys

2011/06/30 18:45:18.0915 4176 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys

2011/06/30 18:45:19.0055 4176 RTL8169 (912c0a8c7e9b2467cf6dae1b64b72779) C:\Windows\system32\DRIVERS\Rtlh86.sys

2011/06/30 18:45:19.0133 4176 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS

2011/06/30 18:45:19.0508 4176 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/06/30 18:45:19.0679 4176 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/06/30 18:45:19.0944 4176 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/06/30 18:45:20.0038 4176 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/06/30 18:45:20.0303 4176 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/06/30 18:45:20.0459 4176 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/06/30 18:45:20.0506 4176 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/06/30 18:45:20.0584 4176 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/06/30 18:45:20.0802 4176 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/06/30 18:45:20.0834 4176 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/06/30 18:45:20.0896 4176 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/06/30 18:45:20.0990 4176 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/06/30 18:45:21.0114 4176 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/06/30 18:45:21.0177 4176 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/06/30 18:45:21.0239 4176 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/06/30 18:45:21.0364 4176 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/06/30 18:45:21.0629 4176 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/06/30 18:45:21.0910 4176 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/06/30 18:45:22.0066 4176 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/06/30 18:45:22.0269 4176 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/06/30 18:45:22.0550 4176 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/06/30 18:45:22.0815 4176 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/06/30 18:45:22.0924 4176 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/06/30 18:45:23.0049 4176 SymIM (0b7e7cbe1f9dd57bc5dcdcad3f6b1b3b) C:\Windows\system32\DRIVERS\SymIMv.sys

2011/06/30 18:45:23.0158 4176 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys

2011/06/30 18:45:23.0610 4176 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys

2011/06/30 18:45:23.0766 4176 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys

2011/06/30 18:45:23.0844 4176 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/06/30 18:45:23.0954 4176 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/06/30 18:45:24.0000 4176 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/06/30 18:45:24.0188 4176 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/06/30 18:45:24.0250 4176 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/06/30 18:45:24.0484 4176 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/06/30 18:45:24.0578 4176 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/06/30 18:45:24.0718 4176 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/06/30 18:45:24.0968 4176 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/06/30 18:45:25.0046 4176 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/06/30 18:45:25.0217 4176 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/06/30 18:45:25.0311 4176 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/06/30 18:45:25.0404 4176 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/06/30 18:45:25.0498 4176 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2011/06/30 18:45:25.0592 4176 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\Windows\system32\DRIVERS\lgusbbus.sys

2011/06/30 18:45:25.0670 4176 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/06/30 18:45:25.0935 4176 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/06/30 18:45:25.0997 4176 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\Windows\system32\DRIVERS\lgusbdiag.sys

2011/06/30 18:45:26.0091 4176 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/06/30 18:45:26.0169 4176 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

2011/06/30 18:45:26.0372 4176 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\Windows\system32\DRIVERS\lgusbmodem.sys

2011/06/30 18:45:26.0450 4176 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

2011/06/30 18:45:26.0512 4176 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/06/30 18:45:26.0559 4176 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/06/30 18:45:26.0652 4176 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

2011/06/30 18:45:26.0746 4176 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/06/30 18:45:26.0886 4176 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

2011/06/30 18:45:27.0042 4176 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/06/30 18:45:27.0152 4176 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/06/30 18:45:27.0230 4176 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/06/30 18:45:27.0401 4176 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/06/30 18:45:27.0510 4176 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/06/30 18:45:27.0588 4176 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/06/30 18:45:27.0666 4176 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/06/30 18:45:27.0776 4176 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/06/30 18:45:28.0041 4176 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/06/30 18:45:28.0119 4176 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/06/30 18:45:28.0259 4176 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/06/30 18:45:28.0322 4176 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/06/30 18:45:28.0384 4176 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/06/30 18:45:28.0571 4176 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/06/30 18:45:28.0727 4176 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/06/30 18:45:28.0805 4176 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/30 18:45:28.0852 4176 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/30 18:45:29.0008 4176 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/06/30 18:45:29.0102 4176 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/06/30 18:45:29.0304 4176 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/06/30 18:45:29.0382 4176 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/06/30 18:45:29.0460 4176 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/06/30 18:45:29.0928 4176 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/06/30 18:45:30.0053 4176 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/06/30 18:45:30.0240 4176 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/06/30 18:45:30.0396 4176 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/06/30 18:45:30.0552 4176 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/06/30 18:45:30.0693 4176 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys

2011/06/30 18:45:30.0818 4176 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0

2011/06/30 18:45:30.0833 4176 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/30 18:45:30.0864 4176 Boot (0x1200) (7b567d44ae5ce22772167ab3022e4fb9) \Device\Harddisk0\DR0\Partition0

2011/06/30 18:45:30.0974 4176 Boot (0x1200) (1ce139c7ade5c35947d8254e5b45a164) \Device\Harddisk0\DR0\Partition1

2011/06/30 18:45:30.0989 4176 ================================================================================

2011/06/30 18:45:30.0989 4176 Scan finished

2011/06/30 18:45:30.0989 4176 ================================================================================

2011/06/30 18:45:31.0052 3140 Detected object count: 1

2011/06/30 18:45:31.0052 3140 Actual detected object count: 1

2011/06/30 18:46:05.0060 3140 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/30 18:46:05.0060 3140 \Device\Harddisk0\DR0 - ok

2011/06/30 18:46:05.0075 3140 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure


ComboFix:

ComboFix 11-06-30.03 - Steve 06/30/2011 19:13:56.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2130 [GMT -4:00]

Running from: c:\users\Steve\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\npf.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))

.

.

2011-06-30 23:22 . 2011-06-30 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-30 22:57 . 2011-06-30 22:57 -------- d-----w- C:\found.000

2011-06-29 00:40 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 00:39 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 00:39 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 00:39 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 00:39 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 00:39 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 00:39 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 00:39 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 00:39 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 00:39 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-26 20:38 . 2011-06-28 20:39 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-26 20:38 . 2011-06-28 20:39 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-26 19:29 . 2011-06-26 19:29 -------- d-----w- c:\users\Steve\AppData\Roaming\Avira

2011-06-26 19:08 . 2011-06-26 19:08 -------- d-----w- c:\programdata\Avira

2011-06-26 19:08 . 2011-06-26 19:08 -------- d-----w- c:\program files\Avira

2011-06-26 06:50 . 2011-06-26 06:50 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-26 06:29 . 2011-06-26 06:38 -------- d-----w- C:\MGtools

2011-06-26 04:02 . 2011-06-30 23:23 -------- d-----w- c:\users\Steve\AppData\Local\temp

2011-06-25 22:21 . 2011-06-25 22:21 -------- d-----w- c:\users\Steve\AppData\Roaming\SUPERAntiSpyware.com

2011-06-25 22:21 . 2011-06-25 22:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-25 22:20 . 2011-06-25 22:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-25 20:59 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{222931A5-54D8-43C5-9C23-1BD52F9EDED2}\mpengine.dll

2011-06-24 02:21 . 2011-06-24 02:53 -------- d-----w- c:\users\Steve\AppData\Roaming\Systweak

2011-06-24 00:32 . 2011-06-24 00:45 -------- d-----w- c:\programdata\RegCure

2011-06-21 06:26 . 2011-06-23 23:56 -------- d-----w- c:\users\Steve\AppData\Roaming\uTorrent

2011-06-21 06:15 . 2011-06-21 06:15 -------- d-----w- c:\users\Steve\AppData\Local\Ilivid Player

2011-06-21 06:14 . 2011-06-21 06:14 -------- d-----w- c:\users\Steve\AppData\Local\PackageAware

2011-06-21 05:51 . 2011-06-21 05:51 -------- d-----w- C:\UTILS

2011-06-21 05:50 . 2011-06-21 05:50 -------- d-----w- C:\GAMES

2011-06-17 18:04 . 2011-06-17 18:04 -------- d-----w- c:\windows\system32\SPReview

2011-06-17 18:02 . 2011-06-17 18:02 -------- d-----w- c:\windows\system32\EventProviders

2011-06-09 04:08 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-06-09 04:06 . 2010-11-20 12:30 28032 ----a-w- c:\windows\system32\drivers\msahci.sys

2011-06-09 04:05 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-09 04:05 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-06-09 04:05 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll

2011-06-09 04:05 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-06-09 04:05 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll

2011-06-09 04:05 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll

2011-06-09 04:05 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe

2011-06-09 04:04 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll

2011-06-09 04:04 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll

2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-06-04 21:24 . 2011-06-04 21:24 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-26 06:35 . 2011-06-26 06:30 46021 ----a-w- C:\MGlogs.zip

2011-06-17 18:14 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-05-31 02:21 . 2011-05-31 02:12 214 ----a-w- c:\windows\wininit.tmp

2011-05-29 13:11 . 2010-07-15 01:31 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-07-15 01:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-24 23:14 . 2010-11-26 23:07 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-12 00:27 . 2011-04-23 03:47 0 ----a-w- c:\users\Steve\AppData\Local\Cgaxerafiqejivu.bin

2011-04-22 19:14 . 2011-05-24 18:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-09 06:02 . 2011-05-12 00:43 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-12 00:43 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-12 03:08 123904 ----a-w- c:\windows\system32\poqexec.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"ooVoo.exe"="c:\program files\oovoo\oovoo.exe" [2011-05-18 22631608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-07-28 1537320]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]

"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2009-01-29 15:43 107176 ----a-w- c:\program files\Lexmark 2600 Series\ezprint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 136176]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-04-28 94208]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 136176]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - eeCtrl

*Deregistered* - IDSVix86

*Deregistered* - SymEFA

*Deregistered* - SYMTDI

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 21:14]

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 21:14]

.

2011-06-04 c:\windows\Tasks\HPCeeScheduleForSteve.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: webconference.com

TCP: DhcpNameServer = 192.168.1.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-30 19:27:09

ComboFix-quarantined-files.txt 2011-06-30 23:27

ComboFix2.txt 2011-06-26 04:28

.

Pre-Run: 260,176,351,232 bytes free

Post-Run: 260,435,431,424 bytes free

.

- - End Of File - - 2859448038E880C722EE1E8FA50EE9CE

Security Check:

Results of screen317's Security Check version 0.99.17

Windows 7 Service Pack 1 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Avira AntiVir Personal - Free Antivirus

JMPProfilerCoreSetup

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java DB 10.5.3.0

Java 6 Update 20

Java 6 Update 23

Java 6 Update 7

Java SE Development Kit 6 Update 23

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.1.85.3

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````


Good news! TDSSKiller cleaned up the main infection. :D However, we still have some more to do ;)

---------

I see that you have a P2P (Peer-to-Peer) file sharing program installed (uTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:

Data about Obama's helicopter breached via P2P?

Leak of congressional ethics document prompts calls for cybersecurity probe

Walter Reed suffers peer-to-peer data breach

Update: Seattle man arrested for p-to-p ID theft

More listed here:

Data Security Threats And Breaches

You should read the link at the bottom of that page:

Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, and none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

---------

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

c:\users\Steve\AppData\Local\Cgaxerafiqejivu.bin

Reglock::

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how your system is running :).


That's excellent news! My computer was going pretty quick for about 10 minutes then started to slow down as it was before... might just be from overheating.

New ComboFix:

ComboFix 11-06-30.03 - Steve 06/30/2011 21:50:32.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1958 [GMT -4:00]

Running from: c:\users\Steve\Desktop\ComboFix.exe

Command switches used :: c:\users\Steve\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\users\Steve\AppData\Local\Cgaxerafiqejivu.bin"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Steve\AppData\Local\Cgaxerafiqejivu.bin

.

.

((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))

.

.

2011-07-01 01:55 . 2011-07-01 01:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-30 22:57 . 2011-06-30 22:57 -------- d-----w- C:\found.000

2011-06-29 00:40 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 00:39 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 00:39 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 00:39 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 00:39 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 00:39 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 00:39 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 00:39 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 00:39 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 00:39 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-26 20:38 . 2011-06-28 20:39 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-26 20:38 . 2011-06-28 20:39 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-26 19:29 . 2011-06-26 19:29 -------- d-----w- c:\users\Steve\AppData\Roaming\Avira

2011-06-26 19:08 . 2011-06-26 19:08 -------- d-----w- c:\programdata\Avira

2011-06-26 19:08 . 2011-06-26 19:08 -------- d-----w- c:\program files\Avira

2011-06-26 06:50 . 2011-06-26 06:50 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-26 06:29 . 2011-06-26 06:38 -------- d-----w- C:\MGtools

2011-06-26 04:02 . 2011-07-01 01:58 -------- d-----w- c:\users\Steve\AppData\Local\temp

2011-06-25 22:21 . 2011-06-25 22:21 -------- d-----w- c:\users\Steve\AppData\Roaming\SUPERAntiSpyware.com

2011-06-25 22:21 . 2011-06-25 22:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-25 22:20 . 2011-06-25 22:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-24 02:21 . 2011-06-24 02:53 -------- d-----w- c:\users\Steve\AppData\Roaming\Systweak

2011-06-24 00:32 . 2011-06-24 00:45 -------- d-----w- c:\programdata\RegCure

2011-06-21 06:26 . 2011-06-23 23:56 -------- d-----w- c:\users\Steve\AppData\Roaming\uTorrent

2011-06-21 06:15 . 2011-06-21 06:15 -------- d-----w- c:\users\Steve\AppData\Local\Ilivid Player

2011-06-21 06:14 . 2011-06-21 06:14 -------- d-----w- c:\users\Steve\AppData\Local\PackageAware

2011-06-21 05:51 . 2011-06-21 05:51 -------- d-----w- C:\UTILS

2011-06-21 05:50 . 2011-06-21 05:50 -------- d-----w- C:\GAMES

2011-06-17 18:04 . 2011-06-17 18:04 -------- d-----w- c:\windows\system32\SPReview

2011-06-17 18:02 . 2011-06-17 18:02 -------- d-----w- c:\windows\system32\EventProviders

2011-06-09 04:08 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-06-09 04:06 . 2010-11-20 12:30 28032 ----a-w- c:\windows\system32\drivers\msahci.sys

2011-06-09 04:05 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-09 04:05 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-06-09 04:05 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll

2011-06-09 04:05 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-06-09 04:05 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll

2011-06-09 04:05 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll

2011-06-09 04:05 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe

2011-06-09 04:04 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll

2011-06-09 04:04 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll

2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-06-04 21:24 . 2011-06-04 21:24 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-26 06:35 . 2011-06-26 06:30 46021 ----a-w- C:\MGlogs.zip

2011-06-17 18:14 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-07 15:55 . 2011-06-25 20:59 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{222931A5-54D8-43C5-9C23-1BD52F9EDED2}\mpengine.dll

2011-05-31 02:21 . 2011-05-31 02:12 214 ----a-w- c:\windows\wininit.tmp

2011-05-29 13:11 . 2010-07-15 01:31 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-07-15 01:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-24 23:14 . 2010-11-26 23:07 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-04-22 19:14 . 2011-05-24 18:57 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-09 06:02 . 2011-05-12 00:43 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-12 00:43 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-12 03:08 123904 ----a-w- c:\windows\system32\poqexec.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"ooVoo.exe"="c:\program files\oovoo\oovoo.exe" [2011-05-18 22631608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-07-28 1537320]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]

"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2009-01-29 15:43 107176 ----a-w- c:\program files\Lexmark 2600 Series\ezprint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 136176]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-04-28 94208]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 136176]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-28 166912]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-07-28 167936]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - eeCtrl

*Deregistered* - IDSVix86

*Deregistered* - SymEFA

*Deregistered* - SYMTDI

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 21:14]

.

2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-02 21:14]

.

2011-06-04 c:\windows\Tasks\HPCeeScheduleForSteve.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: webconference.com

TCP: DhcpNameServer = 192.168.1.1

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4608)

c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\taskhost.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\msiexec.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\conhost.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\windows\PEV.exe

c:\windows\ehome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Hewlett-Packard\Shared\hpqToaster.exe

c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Completion time: 2011-06-30 22:05:48 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-01 02:05

ComboFix2.txt 2011-06-30 23:27

ComboFix3.txt 2011-06-26 04:28

.

Pre-Run: 260,477,190,144 bytes free

Post-Run: 260,409,229,312 bytes free

.

- - End Of File - - DC1A968156BFA9578C0563DAB9E399AD


I'm not seeing anything really suspicious in your logs. Let's run some online scans to see if there's any malware left:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-------

Please use Internet Explorer and run a BitDefender Online scan from here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


Hey, I was able to run the first scanner but I left the second one overnight and it was still at 0% in the morning. Unfortunately I won't be home until Tuesday to try again but thanks and enjoy the holiday! Here is the log from the first scanner.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=a53c59dad7aa874dbed7505e7c50a4f0

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-01 04:13:14

# local_time=2011-07-01 12:13:14 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 29653670 29653670 0 0

# compatibility_mode=1797 16775165 100 94 0 45080235 0 0

# compatibility_mode=5893 16776574 100 94 229997 61031677 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=202983

# found=3

# cleaned=3

# scan_time=6708

C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\32e44eaf-5a81fc90 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-13b8eb4d a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-2b18c3e2 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Hey, I was able to run the first scanner but I left the second one overnight and it was still at 0% in the morning. Unfortunately I won't be home until Tuesday to try again but thanks and enjoy the holiday! Here is the log from the first scanner.

No worries, I understand. I hope you have a nice Independence Day weekend as well! :)


Hey, I hope you enjoyed your 4th! I'm back at it with my PC and got the last scanner to work. I noticed that the computer isn't slow unless I'm using the internet (slow load times) but the scanner worked fine. Here is the log for BitDefender:

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Tue Jul 05 19:10:44 2011

Machine ID: 22287488

No infection found.

-------------------

Processes

---------

AntiVir Desktop 4024 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

AntiVir Desktop 1608 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

AntiVir Desktop 1668 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

AntiVir Desktop 1400 C:\Program Files\Avira\AntiVir Desktop\sched.exe

Apple Mobile Device Service 1636 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Application STServices 436 C:\Program Files\SMINST\BLService.exe

Bonjour 1720 C:\Program Files\Bonjour\mDNSResponder.exe

Cisco Systems VPN Client 1744 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

Device Monitor 2888 C:\Program Files\Lexmark 2500 Series\lxddmon.exe

Device Monitor Application 2856 C:\Program Files\Lexmark 2500 Series\lxddamon.exe

DivX Update 1012 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

HP Quick Launch Buttons 2980 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

HP Quick Launch Buttons 308 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

HP Quick Synchronization Service 1848 C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

HP QuickPlay 1068 C:\Program Files\HP\QuickPlay\QPService.exe

HP Support Assistant 1576 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

HP Wireless Assistant 1836 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

hpCaslNotification 3092 C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

HpqToaster Module 200 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

hpqwmiex Module 3016 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

Intel® Common User Interface 3752 C:\Windows\System32\hkcmd.exe

Intel® Common User Interface 2832 C:\Windows\System32\igfxpers.exe

iTunes 884 C:\Program Files\iPod\bin\iPodService.exe

iTunes 3352 C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 3676 C:\Program Files\Common Files\Java\Java Update\jusched.exe

LightScribe 1896 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

Microsoft® Windows® Operating System 3308 C:\Program Files\Windows Media Player\wmpnetwk.exe

Microsoft® Windows® Operating System 3168 C:\Program Files\Windows Sidebar\sidebar.exe

Microsoft® Windows® Operating System 3864 C:\Windows\ehome\ehmsas.exe

Microsoft® Windows® Operating System 3240 C:\Windows\explorer.exe

Microsoft® Windows® Operating System 1676 C:\Windows\System32\conhost.exe

Microsoft® Windows® Operating System 400 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 452 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 520 C:\Windows\System32\lsm.exe

Microsoft® Windows® Operating System 492 C:\Windows\System32\services.exe

Microsoft® Windows® Operating System 264 C:\Windows\System32\smss.exe

Microsoft® Windows® Operating System 1364 C:\Windows\System32\spoolsv.exe

Microsoft® Windows® Operating System 2180 C:\Windows\System32\taskhost.exe

Microsoft® Windows® Operating System 3636 C:\Windows\System32\wbem\WmiPrvSE.exe

Microsoft® Windows® Operating System 444 C:\Windows\System32\wininit.exe

Microsoft® Windows® Operating System 616 C:\Windows\System32\winlogon.exe

ooVoo 3080 C:\Program Files\ooVoo\ooVoo.exe

Printer Communication System 1936 C:\Windows\System32\lxddcoms.exe

Printer Communication System 1984 C:\Windows\System32\lxdncoms.exe

Printer Device Monitor 2308 C:\Program Files\Lexmark 2600 Series\lxdnmon.exe

RichVideo Module 744 C:\Program Files\CyberLink\Shared files\RichVideo.exe

SoftK56 Modem Driver 1416 C:\Windows\System32\drivers\XAudio.exe

Synaptics Pointing Device Driver 1644 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Synaptics Pointing Device Driver 2972 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

Windows® Internet Explorer 2504 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 5052 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 5400 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Search 5224 C:\Windows\System32\SearchFilterHost.exe

Windows® Search 3444 C:\Windows\System32\SearchIndexer.exe

Windows® Search 4380 C:\Windows\System32\SearchProtocolHost.exe

(verified) Microsoft® .NET Framework 4488 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(verified) Microsoft® .NET Framework 2816 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(verified) Microsoft® Windows® Operating System 2124 C:\Windows\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 512 C:\Windows\System32\lsass.exe

(verified) Microsoft® Windows® Operating System 672 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 760 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 836 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2732 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1492 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1872 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1824 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1256 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1220 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1164 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 936 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 904 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 4340 C:\Windows\System32\svchost.exe

Network activity

----------------

Process iexplore.exe (5052) connected on port 80 (HTTP) --> 72.247.146.139

Process iexplore.exe (5052) connected on port 80 (HTTP) --> 72.247.146.139

Process iexplore.exe (5052) connected on port 80 (HTTP) --> 72.247.146.139

Process iexplore.exe (5052) connected on port 80 (HTTP) --> 72.247.146.139

Process iexplore.exe (5052) connected on port 80 (HTTP) --> 72.247.146.153

Process iexplore.exe (5052) connected on port 80 (HTTP) --> 74.125.226.163

Process iexplore.exe (5052) connected on port 80 (HTTP) --> 69.171.228.11

Process iexplore.exe (5052) connected on port 80 (HTTP) --> 66.235.142.3

Process wininit.exe (444) listens on ports: 49152 (RPC)

Process services.exe (492) listens on ports: 49158 (RPC)

Process lsass.exe (512) listens on ports: 49155 (RPC)

Process svchost.exe (760) listens on ports: 135 (RPC)

Process svchost.exe (836) listens on ports: 49153 (RPC)

Process svchost.exe (936) listens on ports: 49154 (RPC)

Process spoolsv.exe (1364) listens on ports: 49157 (RPC)

Process lxddcoms.exe (1936) listens on ports: 10004

Process lxdncoms.exe (1984) listens on ports: 10095

Process svchost.exe (2732) listens on ports: 49159 (RPC)

Process lxddamon.exe (2856) listens on ports: 38185

Process ooVoo.exe (3080) listens on ports: 443 (HTTP over SSL), 37674

Process wmpnetwk.exe (3308) listens on ports: 554 (RTSP)

Autoruns and critical files

---------------------------

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

Device Monitor C:\Program Files\Lexmark 2500 Series\lxddmon.exe

Device Monitor Application C:\Program Files\Lexmark 2500 Series\lxddamon.exe

DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe

HP Ceement C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

HP QuickPlay C:\Program Files\HP\QuickPlay\QPService.exe

HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

Intel® Common User Interface C:\Windows\System32\hkcmd.exe

Intel® Common User Interface C:\Windows\system32\igfxdev.dll

Intel® Common User Interface C:\Windows\System32\igfxpers.exe

Intel® Common User Interface C:\Windows\system32\igfxtray.exe

Internet Explorer C:\Program Files\Internet Explorer

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe

Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe

Microsoft® Windows® Operating System C:\Windows\system32\scrnsave.scr

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

ooVoo C:\Program Files\ooVoo\ooVoo.exe

Printer Device Monitor C:\Program Files\Lexmark 2600 Series\lxdnmon.exe

StartMen Application C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

StartMen Application C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

StartMen Application C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Windows® Internet Explorer c:\windows\system32\webcheck.dll

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

AOL Instant Messenger C:\Program Files\AIM\aim.exe

AOL Media Playback Control C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll

BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

Java Platform SE 6 U23 C:\Program Files\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

libcurl.dll C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll

libexpatw.dll C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll

Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

Move Streaming Media Player C:\Users\Steve\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll

MSN® Toolbar c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

NeuLion Adaptive Plugin C:\Users\Steve\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

The OpenSSL Toolkit C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll

The OpenSSL Toolkit C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll

TODO: <Product name> C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

TVU Web Player for FireFox C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

TVU Web Player for FireFox C:\Windows\system32\TVUAx\npTVUAx.dll

unagiuninst.exe C:\Windows\Downloaded Program Files\unagiuninst.exe

Veetle Broadcaster Plugin C:\Program Files\Veetle\VLCBroadcast\npvbp.dll

Veetle TV Core C:\Program Files\Veetle\plugins\npVeetle.dll

Veetle TV Player C:\Program Files\Veetle\Player\npvlc.dll

Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\Windows\System32\ieframe.dll

(verified) Microsoft® Visual Studio .NET C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll

(verified) Microsoft® Visual Studio .NET C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) zlib C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\m9q1ir6z.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll

Scan

----


MD5: e2f6cc0d191361ee94fea3957653f531 C:\Windows\system32\hidphone.tsp

MD5: 3cd5bbda19a1ab4eba359e0a14fdf0f0 C:\Windows\System32\hkcmd.exe

MD5: 796b88bad57848ab2eed0fd516071608 C:\Windows\System32\hpz3l054.dll

MD5: 953d495fabf4574a97ac6644a2a427bc C:\Windows\System32\hpz3l4v2.dll

MD5: 8cd1dee212e52b9c22e66dba44991d32 c:\windows\system32\HTTPAPI.dll

MD5: 9dc23acf360aea7df55ad7a8d3fbf4e6 C:\Windows\System32\IdListen.dll

MD5: 2dfb999e4052060173ef60121931bc83 C:\Windows\System32\ieframe.dll

MD5: b54856b913ccbf23f456f87148f42920 C:\Windows\System32\iepeers.dll

MD5: 3b10ce9257f58352b555fadd898c5f12 C:\Windows\system32\iertutil.dll

MD5: 23e8af5ebd8a494d6a84333bbc21dd81 C:\Windows\system32\IEUI.dll

MD5: b0335e0e041106e15acc6d36d6d75bf5 C:\Windows\system32\igd10umd32.dll

MD5: 10ab9c9adb89816befb077e72659d029 C:\Windows\system32\igdumd32.dll

MD5: ba38c50f523dc053488ac3f9ef99aa0b C:\Windows\system32\igdumdx32.dll

MD5: fdc6bd427e353d205c1afb6065fa8175 C:\Windows\system32\igfxdev.dll

MD5: 3142195521fee436088ee8a5748de1b1 C:\Windows\System32\igfxpers.exe

MD5: 5bc881b4befcd1f005a7c1845ac63ad7 C:\Windows\system32\igfxrENU.lrc

MD5: 493164122dc72e1bf6d12f575604fbda C:\Windows\system32\igfxsrvc.dll

MD5: 1029b84ecbe4b95acb8491a3fe63d70f C:\Windows\system32\igfxtray.exe

MD5: f95622f161474511b8d80d6b093aa610 c:\windows\system32\ikeext.dll

MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\system32\imagehlp.dll

MD5: 2d11bc8b460957e62e4420373a0d8bda C:\Windows\system32\imapi2.dll

MD5: 93117349047ddb7b3ff24eb006207606 C:\Windows\system32\ImgUtil.dll

MD5: 4a8e2f20809cc161107faa94f6cf2685 C:\Windows\system32\IMM32.DLL

MD5: d27dde7e0444c7f1819f958469eb7d93 C:\Windows\System32\inetpp.dll

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\IPHLPAPI.DLL

MD5: 4d65a07b795d6674312f879d09aa7663 c:\windows\system32\iphlpsvc.dll

MD5: 53946b69ba0836bd95b03759530c81ec c:\windows\system32\ipsecsvc.dll

MD5: 494701186ccf559024b9db11760b7dbc C:\Windows\system32\jscript.dll

MD5: 2f4348dc0d06a0eba5f5c4cb435790c1 C:\Windows\system32\kerberos.DLL

MD5: 5553784d774ca845380650e010bbda2c C:\Windows\system32\kernel32.dll

MD5: aa7e805af3f7db2da9ea350423e87dfd C:\Windows\system32\KERNELBASE.dll

MD5: af75dba674e55221b7a055b0a4345f16 C:\Windows\system32\keyiso.dll

MD5: f3fb146cdbdd26fcd0cf7941c547bee4 C:\Windows\system32\kmddsp.tsp

MD5: 196b4e3f4cccc24af836ce58facbb699 C:\Windows\system32\kmsvc.dll

MD5: c140f86932b5b61f54a4d836e2d34ab2 C:\Windows\system32\ksproxy.ax

MD5: 630a31f277349109299e590856a4b004 C:\Windows\system32\kswdmcap.ax

MD5: c1585eaa67c37a05bf6f93726fafc069 c:\windows\system32\l2gpstore.dll

MD5: f2394835bb47efa3f8c0ee705af87cd8 C:\Windows\system32\l3codecp.acm

MD5: 6658f4404de03d75fe3ba09f7aba6a30 c:\windows\system32\listsvc.dll

MD5: 55ca01ba19d0006c8f2639b6c045e08b c:\windows\system32\lmhsvc.dll

MD5: 12c4e95f468a5fd3fbb8166e27ed4d53 C:\Windows\System32\localspl.dll

MD5: 8ea53101ff2b15bdff934b62a8fb326d C:\Windows\system32\logoncli.dll

MD5: 7d388177ba300be55264411df6354d0d C:\Windows\system32\lsasrv.dll

MD5: 8aea9a37c1a3565a204d37c5e72ab791 C:\Windows\System32\lsm.exe

MD5: cf75575381e8f50e10b1bf0c6be42104 C:\Windows\System32\lxddcoms.exe

MD5: 499eb8f65cc51e55812135857caa6476 C:\Windows\system32\lxddiesc.dll

MD5: 9e5f104aa95528ed9a8a85a7af8507c7 C:\Windows\system32\lxddinpa.dll

MD5: 1484bb3c21b486af87897c2cea9f10af C:\Windows\System32\lxddlmpm.dll

MD5: fed81ee050a7a9c08e189405fee5b6a3 C:\Windows\system32\lxddserv.dll

MD5: 226abf4d76d39c905a035e4b5c8f2164 C:\Windows\system32\lxddusb1.dll

MD5: 9321821bdc0b98807923df8e82edc6dd C:\Windows\System32\lxdncoms.exe

MD5: 19a15034dffd042a3044455f6d89c374 C:\Windows\system32\lxdniesc.dll

MD5: eb7da1fa2a2ec9d5d6ceef7bb5a687d8 C:\Windows\system32\lxdninpa.dll

MD5: 9ca922153e68af68a20a191dbc49a6d9 C:\Windows\System32\lxdnlmpm.dll

MD5: 4e16e778982e5f5744e279e5b1cbd253 C:\Windows\system32\lxdnserv.dll

MD5: 70a7531d55b6e03ac51d63fea8fcd3d0 C:\Windows\system32\lxdnusb1.dll

MD5: 67c04ffc699b37e1b15d702d723348bb C:\Windows\system32\Macromed\Flash\Flash10p.ocx

MD5: ff6b64ef739fe6fb3ff21457e2012c89 C:\Windows\system32\Macromed\Flash\NPSWF32.dll

MD5: bfb9ee8ee977efe85d1a3105abef6dd1 C:\Windows\system32\Mcx2Svc.dll

MD5: dc6612a9ee015a36ba2a27bc9cc12537 C:\Windows\system32\MFC42.DLL

MD5: 243974ec02f7ae49e4179c54624143ab c:\windows\system32\MMDevAPI.DLL

MD5: 4eaf682e27490a3d45c0ebb6537ee6a8 C:\Windows\system32\modemui.dll

MD5: d4191efab91e00fc09257aa5ebaf503b C:\Windows\System32\MPRAPI.dll

MD5: 9835584e999d25004e1ee8e5f3e3b881 c:\windows\system32\mpssvc.dll

MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\system32\MSASN1.dll

MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll

MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL

MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\system32\msdmo.dll

MD5: 72d5e57f2dc55e39696df4694432b858 C:\Windows\system32\msfeeds.dll

MD5: 3a16ea01fcfaab40882db5bfee632322 C:\Windows\system32\MsftEdit.dll

MD5: f5b7c30075207a165ff2eed1ff89ab8d C:\Windows\System32\mshtml.dll

MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\System32\msi.dll

MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe

MD5: cbbd4d79eec3ef5a4adae9697944c6b9 C:\Windows\System32\msmpeg2enc.dll

MD5: 387a8a473ecc5ba02cf453277c1f3274 c:\windows\system32\mspatcha.dll

MD5: c90878913df3dc504790282043db5f4c C:\Windows\system32\msprivs.DLL

MD5: 0241cb16136b9a4939ca0395768ae286 C:\Windows\system32\MSSRCH.DLL

MD5: 56ceed370508f69a1ba04939bd1badda C:\Windows\system32\MSUTB.dll

MD5: 4c1e16b9a53102c8d6fba587cbcb95de C:\Windows\system32\msv1_0.DLL

MD5: 126b75d50756fe204283d418ae1a66df C:\Windows\system32\MSVCIRT.dll

MD5: c335ec1182ac10b188705554e0bc1186 C:\Windows\system32\MSVFW32.dll

MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll

MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll

MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll

MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll

MD5: 45d9f6cd2469cdb6a640dd4bd2b01471 C:\Windows\system32\NCI.dll

MD5: a4cc7227a452c4909f9499d91b184364 C:\Windows\system32\NCObjAPI.DLL

MD5: 75ea62927355189876081ef863064982 c:\windows\system32\ncsi.dll

MD5: aa11a26692e0db2996caefe9ec61f61f C:\Windows\system32\ndptsp.tsp

MD5: 6dcfaec6d1334aa6cdf8961db4633cbf C:\Windows\system32\negoexts.DLL

MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NETAPI32.dll

MD5: 1ff7e4f548c7c372c804938f0d5b36ae C:\Windows\system32\netcfgx.dll

MD5: e343cabbd8d600abaf3f11625d33b3d0 C:\Windows\system32\netjoin.dll

MD5: c1809b9907adedaf16f50c894100883b C:\Windows\system32\netlogon.DLL

MD5: eab975db4c2805927fe5bd047d05c9aa C:\Windows\System32\netshell.dll

MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll

MD5: 3d57ffbad3ed16b63de3879bab0fb56f C:\Windows\system32\NetworkExplorer.dll

MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll

MD5: 912084381d30d8b89ec4e293053f4710 c:\windows\system32\nlasvc.dll

MD5: 28caaa8b3dac4604b6871f311c6b9f49 C:\Windows\System32\NLSData0000.dll

MD5: 0bdf121ebd33da510bd82051c795e199 C:\Windows\System32\NLSData0003.dll

MD5: 6f778263deb34eda9ea7156ff3abb26b C:\Windows\System32\NLSData0007.dll

MD5: e08bd8a403e169971b499e59203b0fb8 C:\Windows\System32\NLSLexicons0003.dll

MD5: 5e09c2ab22939cb7a637b7f1c5ae7d4f C:\Windows\System32\NLSLexicons0007.dll

MD5: d2a937964199f647b1c3bc435712e5d9 c:\windows\system32\nrpsrv.DLL

MD5: ba387e955e890c8a88306d9b8d06bf17 c:\windows\system32\nsisvc.dll

MD5: ed60c95c805dbaee92c90c3ab930085a C:\Windows\SYSTEM32\ntdll.dll

MD5: d7b7159bc8374e87d8c45a30377a3440 C:\Windows\System32\ntlanman.dll

MD5: eb77db354791a5932ca559b6f6374e95 C:\Windows\system32\ntshrui.dll

MD5: 7d34af98a706230cc2dedfe0cabf87ab C:\Windows\system32\ODBC32.dll

MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\system32\ole32.dll

MD5: 1cbaedc5448cd922dcf82283383ad68b C:\Windows\system32\OLEAUT32.dll

MD5: f748f53fe09d21d8ecbb6421e6792024 c:\windows\system32\OneX.DLL

MD5: 08df1b8c9c0754a7069e80a986373f52 C:\Windows\System32\P2P.dll

MD5: 1b0ec94520cab89a9ce1b2da405166af C:\Windows\System32\P2PCOLLAB.dll

MD5: 1372e8e8fd066002131e3d509275e697 c:\windows\system32\P2PGRAPH.dll

MD5: 7e82616bee76bf5eaa5b30f681414e21 C:\Windows\system32\perftrack.dll

MD5: 37cc990d4e2cdfae12ac47f6b620fc13 C:\Windows\system32\pku2u.DLL

MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll

MD5: 3d6f22551d422f97aacb0bb927e4c846 C:\Windows\System32\pnidui.dll

MD5: e98278865e8daba21cfe5fe4be34210a C:\Windows\system32\PortableDeviceApi.dll

MD5: c693e642acfbdd76433af6be3c3eee6f C:\Windows\System32\portabledeviceconnectapi.dll

MD5: 03cf941d031f30272d3063e5a4d686f5 C:\Windows\System32\PrintIsolationProxy.dll

MD5: c8333f1f77a1b2e25f2202e892caf634 C:\Windows\system32\prnfldr.dll

MD5: 43ca4ccc22d52fb58e8988f0198851d0 c:\windows\system32\profsvc.dll

MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll

MD5: dbc02d918fff1cad628acbe0c0eaa8e8 c:\windows\system32\provsvc.dll

MD5: 02530b0b7e048dd5ac8d52daeacaeb2b C:\Windows\System32\QAgent.dll

MD5: 61d57a5d7c6d9afe10e77dae6e1b445e C:\Windows\system32\qagentRT.dll

MD5: e585445d5021971fae10393f0f1c3961 c:\windows\system32\qmgr.dll

MD5: b4d0d2f098c7a68385560df4551551ca C:\Windows\system32\quartz.dll

MD5: bd626ef05967d14c772b8096292731a3 C:\Windows\System32\QUtil.dll

MD5: 7ffd52d73352806969d424ef327d10a7 C:\Windows\system32\radardt.dll

MD5: 207cf171b1c6b8ae50c1fbf87363eebc C:\Windows\System32\raschap.dll

MD5: cb9e04dc05eacf5b9a36ca276d475006 c:\windows\system32\rasmans.dll

MD5: 67f9b5c7e215b48f9256757e9cc09a7b C:\Windows\system32\rasppp.dll

MD5: b2e1e4a16edd02396f451f915fa3cbfa C:\Windows\system32\rastapi.DLL

MD5: 2af094c822bd6094f14a8e85fb51d52a C:\Windows\system32\RESUTILS.DLL

MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\RICHED20.DLL

MD5: 6400774e903729add0a62a24a334ee56 C:\Windows\system32\RPCRT4.dll

MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll

MD5: 7660f01d3b38aca1747e397d21d790af c:\windows\system32\rpcss.dll

MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\System32\rtutils.dll

MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL

MD5: 245f4691314f42d4d1bc06442f0b2086 C:\Windows\system32\SAMSRV.dll

MD5: 8124944ec89d6a1815e4e53f5b96aaf4 C:\Windows\system32\scecli.DLL

MD5: 250aa41de690561af1282d598914564c C:\Windows\system32\SCESRV.dll

MD5: 3369d021265e369d57317d61fa86dd79 C:\Windows\system32\scext.dll

MD5: 135f7ac9be35ab1df727faf2e60e92f8 C:\Windows\system32\schannel.DLL

MD5: a04bb13f8a72f8b6e8b4071723e4e336 c:\windows\system32\schedsvc.dll

MD5: b83f08ce1bdd80c69e7bdaffc4c070c9 C:\Windows\system32\scrnsave.scr

MD5: 08236c4bce5edd0a0318a438af28e0f7 C:\Windows\System32\SDRSVC.dll

MD5: a6cd6b3f71e13e2e45b727fb8a47ea87 C:\Windows\System32\SearchFilterHost.exe

MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\System32\SearchIndexer.exe

MD5: e1ac89f6c5252057e6062843e36a6701 C:\Windows\System32\SearchProtocolHost.exe

MD5: a8ce0c7f1d37e0b8082608a148b6b976 C:\Windows\system32\secur32.dll

MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6 C:\Windows\System32\services.exe

MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll

MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\system32\SETUPAPI.dll

MD5: f14a9b1778376d0b1788e402ac1f831a C:\Windows\System32\shacct.dll

MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\System32\shdocvw.dll

MD5: 16ab4bd2acc52109f43739bf0e89e18f C:\Windows\system32\SHELL32.dll

MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\system32\SHLWAPI.dll

MD5: 414da952a35bf5d50192e28263b40577 c:\windows\system32\shsvcs.dll

MD5: 16742790895960690237a5143cedec8b C:\Windows\System32\smss.exe

MD5: 2cfa4569350b7f84f815e9ec34e85766 C:\Windows\system32\SndVolSSO.DLL

MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll

MD5: deb8a241d5671f7d4188f86e2aeb6960 C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe

MD5: 4a0b6533f035d74729942ee1d19c35c5 C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

MD5: c00cc74fc1d7b3f4cb3f7bedd3482447 C:\Windows\system32\spool\PRTPROCS\W32X86\CNBPP4.DLL

MD5: 307499e92bfe4ae04b4d716bace8ba7a C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpp054.dll

MD5: 1b557a1718b7af07fc35f0d29530089c C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpp4v2.dll

MD5: 331d2fb4319df34a233f73ac63f47bc8 C:\Windows\system32\spool\PRTPROCS\W32X86\lxdddrpp.dll

MD5: 4cb572b4717b28d647f3da0c49896e7d C:\Windows\system32\spool\PRTPROCS\W32X86\lxdndrpp.dll

MD5: cd72c6406ba561bed6d42cb145e55307 C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll

MD5: 629181c26a78eb66b0b4e774e5ac2882 C:\Windows\System32\SPOOLSS.DLL

MD5: 866a43013535dc8587c258e43579c764 C:\Windows\System32\spoolsv.exe

MD5: cf87a1de791347e75b98885214ced2b8 C:\Windows\system32\sppsvc.exe

MD5: b0180b20b065d89232a78a40fe56eaa6 C:\Windows\system32\sppuinotify.dll

MD5: ce292c4c10b8db6070f262ea2733f0dc c:\windows\system32\sqmapi.dll

MD5: 674b0c0f6a448eb185caab9c51d44032 C:\Windows\System32\srchadmin.dll

MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll

MD5: d64af876d53eca3668bb97b51b4e70ab c:\windows\system32\srvsvc.dll

MD5: 89e783711af91af09e1ef30ef3107446 C:\Windows\system32\SSCORE.DLL

MD5: 331534632d1da3377440493848e4a70e C:\Windows\system32\SspiCli.dll

MD5: 4902ecf2a155a51f6ff7c013b7e212cd C:\Windows\system32\SspiSrv.dll

MD5: 912649a1b3f9e6acb3899fbdaba2ed5f C:\Windows\system32\stobject.dll

MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL

MD5: 364455805e64882844ee9acb72522830 C:\Windows\system32\sxssrv.DLL

MD5: 2ddea2c345da5bc589efd398f220db0e C:\Windows\System32\SyncCenter.dll

MD5: 18db2dc3b147985cfffbc08ff1f026a7 C:\Windows\system32\SynCOM.dll

MD5: 3ae2cbcee209c5f78a7b4417c5db129d C:\Windows\system32\SynTPAPI.dll

MD5: 36650d618ca34c9d357dfd3d89b2c56f c:\windows\system32\sysmain.dll

MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e C:\Windows\system32\SYSNTFY.dll

MD5: 763fecdc3d30c815fe72dd57936c6cd1 C:\Windows\System32\TabSvc.dll

MD5: 613bf4820361543956909043a265c6ac c:\windows\system32\tapisrv.dll

MD5: 1c3e8371377e988b683797a132effe1b C:\Windows\system32\taskcomp.dll

MD5: 7fa8ba5a780e4757964ac9d4238302b9 C:\Windows\System32\taskhost.exe

MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\system32\taskschd.dll

MD5: eafc149cd3bd78c443e31bb157841197 C:\Windows\system32\tbs.dll

MD5: b390c1d825c7687493bede237c6c2f25 C:\Windows\System32\tcpmon.dll

MD5: 382c804c92811be57829d8e550a900e2 C:\Windows\System32\termsrv.dll

MD5: 672d7c5080acb003343006405da2e621 C:\Windows\system32\thumbcache.dll

MD5: 83c9840cf87a0ca55526327801716d27 C:\Windows\system32\timedate.cpl

MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll

MD5: d29e45078cf4020ce0aac82ec652d1ea C:\Windows\system32\tspkg.DLL

MD5: 7222995615bf93b628dcea4bd6ccacf7 C:\Windows\system32\UBPM.dll

MD5: 230ea9abbc3432cde388f4891e76e867 C:\Windows\system32\udhisapi.dll

MD5: d33e95c0a2754061233b58dc41f8094c C:\Windows\system32\umb.dll

MD5: ec7bc28d207da09e79b3e9faf8b232ca c:\windows\system32\umpnpmgr.dll

MD5: f87d30e72e03d579a5199ccb3831d6ea c:\windows\system32\umpo.dll

MD5: 377f0c1ddbfa6a43cb7e7568bc0eced0 C:\Windows\system32\unimdm.tsp

MD5: 53ca6bf58658815fcb472205291dd953 C:\Windows\system32\unimdmat.dll

MD5: e675de8cf57d8814218733b3dae896d7 C:\Windows\system32\uniplat.dll

MD5: 954ea9b34f155c844b11f4047a8f6f89 C:\Windows\system32\upnp.dll

MD5: 1973a8ac903115b3b60e1a53c1b014e6 C:\Windows\system32\urlmon.dll

MD5: 923cdd30092db73ec4a0ebcddd16c686 C:\Windows\System32\usbmon.dll

MD5: f1dd3acaee5e6b4bbc69bc6df75cef66 C:\Windows\system32\USER32.dll

MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll

MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe

MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\system32\USP10.dll

MD5: a12829e9974f57e9b5dbfea7c93190f6 C:\Windows\system32\UXINIT.dll

MD5: 370349f79315d4db86cd992cacefee61 C:\Windows\system32\van.dll

MD5: c3cd30495687c2a2f66a65ca6fd89be9 C:\Windows\System32\vds.exe

MD5: 53d33a868216eb9f42809069e192dc1e C:\Windows\system32\vpnapi.dll

MD5: 80b562b5b59ed850c328dd75f964f3d8 C:\Windows\system32\vpnike.dll

MD5: 13337a3fb17f2242487fd45488ed0485 C:\Windows\system32\VSSAPI.DLL

MD5: 209a3b1901b83aeb8527ed211cce9e4c C:\Windows\system32\vssvc.exe

MD5: 5ae88135c6a86fcd67ba16afbb1c8389 C:\Windows\system32\wbem\esscli.dll

MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\FastProx.dll

MD5: f148865e4ac4f715e322ea06e6e21d84 C:\Windows\system32\wbem\ncprov.dll

MD5: 371e3b05894549113d07cd3081ed55ef C:\Windows\system32\wbem\repdrvfs.dll

MD5: 585eb475e7af55c9065256e8ffb751a1 C:\Windows\system32\wbem\wbemcore.dll

MD5: b350509b6c9296529bc464c60feeaef1 C:\Windows\system32\wbem\wbemess.dll

MD5: 701c9eb15e1e23d22f7c7184c0506673 C:\Windows\system32\wbem\wmidcprv.dll

MD5: c6b0509aa89f656247694e2d6abf7255 C:\Windows\system32\wbem\wmiprov.dll

MD5: 3cde2911462fec80064a409c07710c06 C:\Windows\system32\wbem\wmiprvsd.dll

MD5: 4fb491ac8d46aaf22ba8bc5c73dabef7 C:\Windows\System32\wbem\WmiPrvSE.exe

MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll

MD5: 691e3285e53dca558e1a84667f13e15a C:\Windows\system32\wbengine.exe

MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll

MD5: f0016853fa3f38f55fd868ff74c0359b C:\Windows\system32\wdiasqmmodule.dll

MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv

MD5: a399514d3b28c9a3453a486bbaaff1c7 c:\windows\system32\WDSCORE.dll

MD5: a4ee3d80e31d5a3ca8ebe6a67a06cec0 c:\windows\system32\webcheck.dll

MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll

MD5: 02c61d8ad469417f5508225c75de3236 C:\Windows\system32\webio.dll

MD5: db846eeca70ee9d2e2ff31147c57b0f4 C:\Windows\system32\webservices.dll

MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\system32\wer.dll

MD5: 1869bd251211fb6275067372a45682d6 C:\Windows\System32\werconcpl.dll

MD5: 241e015dd809cfb23242f890b1fc575b c:\windows\system32\wevtsvc.dll

MD5: 019c372b1a9da73a22d0d35a4d40f5c9 C:\Windows\system32\wfapigp.dll

MD5: e2d56ae1d40e3725084054cd8e9cfbb1 C:\Windows\system32\wiarpc.dll

MD5: e1fb3706030fb4578a0d72c2fc3689e4 c:\windows\system32\wiaservc.dll

MD5: 536e06b5a05c6e39c8748e3941fb083d C:\Windows\System32\win32spl.dll

MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll

MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll

MD5: 2ca020eacdc6ddb2bea89fea02c90945 C:\Windows\system32\WININET.dll

MD5: b5c5dcad3899512020d135600129d665 C:\Windows\System32\wininit.exe

MD5: 6d13e1406f50c66e2a95d97f22c47560 C:\Windows\System32\winlogon.exe

MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll

MD5: 81c0fa250ef6dc1c6b3fa2bce81d6c2e C:\Windows\system32\WinSATAPI.dll

MD5: 9419abf3163b6f0e3ad3dd2b381c879f c:\windows\system32\WinSCard.dll

MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV

MD5: a9f564f254e9ddde120a7135767ec24b C:\Windows\system32\winsrv.DLL

MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll

MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\system32\WINTRUST.dll

MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll

MD5: 58405e4f68ba8e4057c6e914f326aba2 c:\windows\system32\wkssvc.dll

MD5: 3c9035085141162416a0dd34dbf3f3c1 c:\windows\system32\WLANMSM.DLL

MD5: 20c06a50dfc097e134bc6fa8444ca9bc c:\windows\system32\WLANSEC.dll

MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\system32\WLDAP32.dll

MD5: 749f9795f01c35eebe100a87d82b9681 c:\windows\system32\wlgpclnt.dll

MD5: 633c2c060cf857099f6c4f8d75c952b1 C:\Windows\system32\wls0wndh.dll

MD5: 5cf15474ffdb5005e54958df6edd97ab C:\Windows\system32\wmdrmdev.dll

MD5: 1957d49a9613faad1c73b508cce02aa5 C:\Windows\system32\wmp.dll

MD5: 0fbc74aa20fe0ae6884279f893169c60 C:\Windows\system32\wmploc.dll

MD5: 7b97346ce563b74bbcc120fc83e5a6d9 C:\Windows\system32\wmpmde.dll

MD5: 3f2b83695e5bf11930c16af50e991f96 C:\Windows\System32\wmpps.dll

MD5: d412b1b72c5ab020218e9a047d90ca05 C:\Windows\system32\WMsgAPI.dll

MD5: aa53356d60af47eacc85bc617a4f3f66 C:\Windows\system32\wpdbusenum.dll

MD5: 181f69bc9c406b7fb5c0ade8031630ac C:\Windows\system32\wpdshext.dll

MD5: 735263da17bf5baf9ccd483843bf9d5a C:\Windows\system32\wpdshserviceobj.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\system32\WS2_32.dll

MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\System32\WSCAPI.dll

MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\Windows\System32\wscui.cpl

MD5: 73f6c5223f7e9b5780dd4a6c30fcf569 C:\Windows\system32\wsdapi.dll

MD5: a8eb761de499242becf153b2b34f020e C:\Windows\System32\WSDMon.dll

MD5: 81f08948a0f1475894c99d4d19a158a8 C:\Windows\System32\wshqos.dll

MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll

MD5: 6357e2b68753a1f5cf4a68a25c4fd14a C:\Windows\System32\wsnmp32.dll

MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll

MD5: 7d4dc95a1f5e0818e74a399960569ea1 C:\Windows\system32\wuapi.dll

MD5: 3026418a50c5b4761befa632cedb7406 c:\windows\system32\wuaueng.dll

MD5: 9fbcfd7e88a7ace0e94456504895dd7f c:\windows\system32\WUDFPlatform.dll

MD5: 8d1e1e529a2c9e9b6a85b55a345f7629 c:\windows\system32\wudfsvc.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll

MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL

MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll

MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

MD5: f073d260f7f74471cd6ec71d527a25f1 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.17514_none_83801b5eed6392d9\gdiplus.dll

MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.05 MB sent, 2.43 KB recvd

Scanned 1105 files and modules - 57 seconds

==============================================================================

Your logs appear to be clean! :D

Hey, I hope you enjoyed your 4th!

Thank you, I did :). I hope yours was enjoyable as well!

Before we move on, please take the time to install the following updates, as using outdated applications leaves you extremely vulnerable to getting infected again ;) :

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

---------

Your Flash Player is out of date!

To make sure you have the latest version of Adobe Flash Player installed:

1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe

2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

3. Double-click on the file you've downloaded to uninstall Flash.

4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).

Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

---------

Please let me know how the updates went, as failed updates may indicate additional malware :).

Glad to hear the updates went well! :D

I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;) :

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
