
Help! I think I'm infected.



I've done some scans and ComboFix says

c:\windows\system32\drivers\ntfs.sys . . . is infected!!

ComboFix 11-07-27.01 - Shazia Begum 27/07/2011 13:26:04.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1918.864 [GMT 0:00]

Running from: c:\users\Shazia Begum\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\users\Shazia Begum\AppData\Roaming\update.exe

c:\windows\SNMPAPI.DLL

c:\windows\sysk32.dll

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\sinvfct.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

-- Previous Run --

.

c:\windows\system32\drivers\ntfs.sys . . . is infected!!

.

--------

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))

.

.

2011-07-27 13:38 . 2011-07-27 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-27 01:10 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD9DB66B-4306-404A-8026-C9179366F318}\mpengine.dll

2011-07-26 20:06 . 2011-07-27 13:38 -------- d-----w- c:\users\Shazia Begum\AppData\Local\temp

2011-07-26 12:58 . 2011-02-22 13:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2011-07-26 12:58 . 2011-02-22 13:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2011-07-26 12:58 . 2011-02-22 13:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2011-07-26 12:58 . 2011-07-26 12:58 -------- d-----w- c:\program files\ThreatFire

2011-07-25 19:30 . 2011-07-26 19:44 -------- d-----w- c:\program files\Macromedia

2011-07-25 19:30 . 2011-07-26 19:42 -------- d-----w- c:\program files\Common Files\Macromedia

2011-07-25 19:28 . 2011-07-26 19:34 180224 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll

2011-07-25 19:28 . 2011-07-26 19:34 266240 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll

2011-07-25 19:28 . 2011-07-26 19:34 32768 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll

2011-07-25 19:28 . 2011-07-26 19:34 409600 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll

2011-07-25 19:28 . 2011-07-26 19:33 172032 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll

2011-07-25 19:28 . 2011-07-26 19:33 761856 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe

2011-07-25 19:28 . 2011-07-26 19:33 540772 ------w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll

2011-07-23 20:14 . 2011-07-23 20:14 -------- d-----w- c:\users\Shazia Begum\AppData\Local\uTorrent

2011-07-15 14:38 . 2011-07-15 15:22 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-06-29 15:09 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 15:09 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 15:09 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 15:09 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 15:09 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 15:09 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 15:09 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 15:09 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 15:09 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 15:09 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-26 21:43 . 2011-02-28 18:51 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-06 19:52 . 2011-06-01 09:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 19:52 . 2011-06-01 09:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 11:43 . 2011-05-31 10:29 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:43 . 2011-06-12 12:11 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-04 11:37 . 2011-06-12 12:11 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-07-04 11:36 . 2011-06-12 12:11 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36 . 2011-06-12 12:12 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-04 11:36 . 2011-06-12 12:11 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-07-04 11:35 . 2011-06-12 12:11 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-04 11:32 . 2011-06-12 12:11 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-04 11:32 . 2011-06-12 12:11 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-07-04 11:32 . 2011-06-12 12:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-06-25 19:45 . 2011-06-25 19:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-20 19:51 . 2008-10-29 21:24 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-24 19:14 . 2011-02-28 12:36 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-10 11:40 . 2011-06-12 12:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-05-04 04:52 . 2011-03-26 16:43 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-03 04:30 . 2011-06-14 20:40 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 02:46 . 2011-06-14 20:41 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 02:46 . 2011-06-14 20:41 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46 . 2011-06-14 20:41 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-28 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"JAWS"="c:\program files\Freedom Scientific\JAWS\11.0\jfw.exe" [2010-05-17 4471064]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-20 273544]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-24 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-01-22 00:12 550856 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 lqffzi;lqffzi; [x]

R0 tvelms;tvelms; [x]

R1 MpKsl192648a8;MpKsl192648a8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDDC5CDA-FFB2-4C57-A683-9B69E190884F}\MpKsl192648a8.sys [x]

R1 MpKsl23d0064e;MpKsl23d0064e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5EA4505-D9B9-4350-BE00-F839A4827F60}\MpKsl23d0064e.sys [x]

R1 MpKsl3d484af3;MpKsl3d484af3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E25447-49F1-4225-AF69-2C79C0BA3FC1}\MpKsl3d484af3.sys [x]

R1 MpKsl587e0aa7;MpKsl587e0aa7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1904DD12-C1B7-4CF7-9D52-52D498439DA5}\MpKsl587e0aa7.sys [x]

R1 MpKsl8181d8e2;MpKsl8181d8e2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C378A09-4C79-4371-A8F0-9274D00F6400}\MpKsl8181d8e2.sys [x]

R1 MpKsl8a3fdb26;MpKsl8a3fdb26;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B94046C-2329-4088-985E-596FC6DDCF4C}\MpKsl8a3fdb26.sys [x]

R1 MpKsl8bc0d91a;MpKsl8bc0d91a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72728B70-5781-43D7-A961-E405231B30E7}\MpKsl8bc0d91a.sys [x]

R1 MpKsl9acdf8b6;MpKsl9acdf8b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C378A09-4C79-4371-A8F0-9274D00F6400}\MpKsl9acdf8b6.sys [x]

R1 MpKsla24d1bd7;MpKsla24d1bd7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F78626D1-793F-44BF-9ECC-A63FCD725361}\MpKsla24d1bd7.sys [x]

R1 MpKslb664a4c5;MpKslb664a4c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05330D2C-93C8-4EE9-A0F6-86F551A58F7C}\MpKslb664a4c5.sys [x]

R1 MpKslcb15af64;MpKslcb15af64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A48E31BD-1422-4584-911D-D72A65E3DCB3}\MpKslcb15af64.sys [x]

R1 MpKsld011fbad;MpKsld011fbad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87F03064-2D08-420A-A607-F8C56DC67A3E}\MpKsld011fbad.sys [x]

R1 MpKslda1921de;MpKslda1921de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{050C4676-9D28-4FAE-8BD4-35A0EBC10BF7}\MpKslda1921de.sys [x]

R1 MpKsleaf81cf4;MpKsleaf81cf4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8357443-6C4D-44BF-94EF-941B22905EF4}\MpKsleaf81cf4.sys [x]

R1 MpKslf3ae42e1;MpKslf3ae42e1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C7DBFE3-365D-4C5E-9C6C-7688D8E2F43C}\MpKslf3ae42e1.sys [x]

R1 MpKslf6f9a9e4;MpKslf6f9a9e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72FED78B-94ED-4C70-A19D-8D9AA81BAAD8}\MpKslf6f9a9e4.sys [x]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-07-04 121000]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]

R3 JTVNCProxy_11.0;JTVNCProxy_11.0;c:\program files\Freedom Scientific\JAWS\11.0\JTVNCProxy.exe [2010-05-17 16152]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys [2010-05-17 14880]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-04-01 23608]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-28 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-05-10 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 51984]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 69392]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-24 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-13 67664]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-07-24 123264]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]

S2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D};Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [2010-05-17 20512]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]

S3 fsvidmir;fsvidmir;c:\windows\system32\DRIVERS\fsvidmir.sys [2010-05-17 2944]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 807936]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 33552]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CO_Mon

*Deregistered* - SymEvent

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 12:30]

.

2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 12:30]

.

2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-114935392-3903743455-1703224864-1000Core.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 12:30]

.

2011-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-114935392-3903743455-1703224864-1000UA.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 12:30]

.

2011-07-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c91fd6f9-e625-41ab-ba5a-fd8cd5558f1b.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-01-07 22:41]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.co.uk

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)

HKLM-Run-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-114935392-3903743455-1703224864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-114935392-3903743455-1703224864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(584)

c:\program files\ThreatFire\TFWAH.dll

.

- - - - - - - > 'lsass.exe'(648)

c:\program files\ThreatFire\TFWAH.dll

.

- - - - - - - > 'Explorer.exe'(1548)

c:\program files\ThreatFire\TfWah.dll

c:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

c:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

c:\windows\system32\cscapi.dll

c:\windows\System32\gameux.dll

c:\windows\System32\pnidui.dll

c:\windows\system32\dhcpcsvc.DLL

c:\windows\system32\Wlanapi.dll

c:\windows\system32\wlanutil.dll

c:\windows\System32\SyncCenter.dll

c:\windows\System32\WSCAPI.dll

c:\windows\System32\msxml6.dll

.

Completion time: 2011-07-27 13:47:34

ComboFix-quarantined-files.txt 2011-07-27 13:47

.

Pre-Run: 190,067,863,552 bytes free

Post-Run: 189,731,205,120 bytes free

.

- - End Of File - - EB6088D22F920B40FE1C4D209E827789


Here's the DDS log and Malwarebytes log.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7295

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

27/07/2011 14:04:59

mbam-log-2011-07-27 (14-04-59).txt

Scan type: Quick scan

Objects scanned: 157264

Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Shazia Begum at 14:01:09 on 2011-07-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1918.906 [GMT 0:00]

.

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\MicroNEXT\Common\RalinkRegistryWriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ThreatFire\TFService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

C:\hp\support\hpsysdrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\hp\KBD\KbdStub.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Freedom Scientific\JAWS\11.0\fsATProxy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.co.uk

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\bh\BabylonToolbar.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarTlbr.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [JAWS] "c:\program files\freedom scientific\jaws\11.0\jfw.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\shazia begum\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{420611A8-E7EB-4A34-9685-19BDC2E71210} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4FE0CC62-B06C-486D-AE95-1EEA89E42096} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{50C231D0-2F37-41FF-A14C-ADAAE1E55E43} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{526714CE-DD71-44DA-95BA-F8F0BC01D2E0} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{526714CE-DD71-44DA-95BA-F8F0BC01D2E0}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BC365088-A50C-4F11-81C5-F6217981F31C} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{CBE71462-023F-4A61-ABFF-63A1AD2137C1} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-6-12 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-6-12 194264]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-7-26 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-7-26 69392]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-6-12 103384]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-12 309848]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-1-27 67664]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-3-19 123264]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-12 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-12 54104]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-5 42184]

R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-7-5 121000]

R2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D};Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [2010-5-17 20512]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\micronext\common\RalinkRegistryWriter.exe [2011-2-28 75040]

R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]

R3 fsvidmir;fsvidmir;c:\windows\system32\drivers\fsvidmir.sys [2010-5-17 2944]

R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-9-15 807936]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-7-26 33552]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-1 41272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-28 136176]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-15 366640]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-28 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-28 136176]

S3 JTVNCProxy_11.0;JTVNCProxy_11.0;c:\program files\freedom scientific\jaws\11.0\JTVNCProxy.exe [2010-5-17 16152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-1 22712]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 PowerBrl;powerBraille System Driver;c:\windows\system32\drivers\powerbrl.sys [2010-5-17 14880]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-28 52224]

S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-5-28 23608]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-28 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-07-27 13:45:10 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-27 01:10:38 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd9db66b-4306-404a-8026-c9179366f318}\mpengine.dll

2011-07-26 20:06:50 -------- d-----w- c:\users\shazia begum\appdata\local\temp

2011-07-26 19:51:19 98816 ----a-w- c:\windows\sed.exe

2011-07-26 19:51:19 518144 ----a-w- c:\windows\SWREG.exe

2011-07-26 19:51:19 256000 ----a-w- c:\windows\PEV.exe

2011-07-26 19:51:19 208896 ----a-w- c:\windows\MBR.exe

2011-07-26 14:44:33 -------- d-----w- c:\users\shazia begum\appdata\local\{D016E4B7-4A05-4961-AE07-DE2A4A4F290D}

2011-07-26 12:58:17 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2011-07-26 12:58:17 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2011-07-26 12:58:17 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2011-07-26 12:58:16 -------- d-----w- c:\program files\ThreatFire

2011-07-25 19:30:01 -------- d-----w- c:\program files\Macromedia

2011-07-25 19:30:01 -------- d-----w- c:\program files\common files\Macromedia

2011-07-25 19:28:28 180224 ------w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll

2011-07-25 19:28:26 266240 ------w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll

2011-07-25 19:28:23 32768 ------w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll

2011-07-25 19:28:21 409600 ------w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll

2011-07-25 19:28:20 172032 ------w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll

2011-07-25 19:28:14 761856 ------w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe

2011-07-25 19:28:11 540772 ------w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll

2011-07-24 13:15:41 -------- d-----w- c:\users\shazia begum\appdata\local\{A333879D-C0F1-480A-8098-EB653CFCEDFF}

2011-07-22 14:46:25 -------- d-----w- c:\users\shazia begum\appdata\local\{A8EA9DE9-B295-4DD9-8927-358A3CC48896}

2011-07-21 19:14:05 -------- d-----w- c:\users\shazia begum\appdata\local\{C64A2844-20B1-4304-84DF-B10D516C1D57}

2011-07-20 21:21:48 -------- d-----w- c:\users\shazia begum\appdata\local\{15F30BA3-5220-43DF-B0F2-EF219C1A485B}

2011-07-19 15:53:07 -------- d-----w- c:\users\shazia begum\appdata\local\{0ADB1354-9D5B-41E1-9EBE-1C0B0ED00BB0}

2011-07-17 19:53:29 -------- d-----w- c:\users\shazia begum\appdata\local\{A9D698E4-F926-438C-B71E-2147FAB401F9}

2011-07-16 22:21:58 -------- d-----w- c:\users\shazia begum\appdata\local\{273B5E18-D82E-4E95-B125-E408E3C094E8}

2011-07-15 14:38:19 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-07-15 12:06:38 -------- d-----w- c:\users\shazia begum\appdata\local\{2C30C8D4-4ADD-4708-9BCA-D19CF084B099}

2011-07-13 19:53:18 -------- d-----w- c:\users\shazia begum\appdata\local\{16E05AC4-BA87-47F3-BB55-F4206D8C8C02}

2011-07-12 19:13:38 -------- d-----w- c:\users\shazia begum\appdata\local\{5EA32F30-7968-43D3-BB45-758BBFD1773B}

2011-07-11 18:51:37 -------- d-----w- c:\users\shazia begum\appdata\local\{0B321283-1E6D-4E27-82EE-5E2011A8542C}

2011-07-10 11:15:14 -------- d-----w- c:\users\shazia begum\appdata\local\{60B3A14F-6958-4A49-905B-932EBD6CF4B8}

2011-07-09 14:39:40 -------- d-----w- c:\users\shazia begum\appdata\local\{DD005A07-C64B-4DBB-861E-F545B455446C}

2011-07-08 19:51:10 -------- d-----w- c:\users\shazia begum\appdata\local\{B9E8F9E0-81ED-4D05-9EBE-77DF60A5793B}

2011-07-06 20:43:15 -------- d-----w- c:\users\shazia begum\appdata\local\{47372FB4-9164-4CDC-AA90-892263022403}

2011-07-05 20:39:43 -------- d-----w- c:\users\shazia begum\appdata\local\{643BFC78-AA2E-431C-8FC5-34D6329E446D}

2011-07-05 18:47:31 -------- d-----w- c:\users\shazia begum\appdata\local\{270EF223-2BA4-4B93-B17A-123AB4073610}

2011-07-04 20:58:24 -------- d-----w- c:\users\shazia begum\appdata\local\{62DCEB68-E8E4-40C6-A7ED-D16CEFB4E73F}

2011-07-03 14:49:03 -------- d-----w- c:\users\shazia begum\appdata\local\{B87708B7-79C5-46EE-A1A9-EC5FCBB72709}

2011-07-02 21:24:21 -------- d-----w- c:\users\shazia begum\appdata\local\{91330F1C-DF1F-468E-B403-A965C0ED9397}

2011-07-02 18:42:23 -------- d-----w- c:\users\shazia begum\appdata\local\{7B1F0C26-BAA0-44F8-87F2-3353B91F9CB8}

2011-07-01 20:39:43 -------- d-----w- c:\users\shazia begum\appdata\local\{22109077-36D9-468C-A102-7C9EE53FB581}

2011-06-29 20:03:33 -------- d-----w- c:\users\shazia begum\appdata\local\{49754A2C-8FE7-4D18-A052-2A8769197F08}

2011-06-29 15:09:45 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-29 15:09:40 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 15:09:40 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 15:09:40 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 15:09:40 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 15:09:40 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 15:09:39 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-29 15:09:39 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 15:09:39 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 15:09:39 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-27 20:56:08 -------- d-----w- c:\users\shazia begum\appdata\local\{045DB32F-4D96-4D81-85E6-2F714D267032}

.

==================== Find3M ====================

.

2011-07-26 21:43:09 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-06 19:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 19:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:37:33 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36:18 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-06-25 19:45:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-20 19:51:48 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe

2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-05-24 19:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-10 11:40:58 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-05-04 04:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

.

============= FINISH: 14:05:12.70 ===============


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run. Once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Thanks for helping me, Larry.

Here is the TDSSKiller log:

2011/07/27 17:33:44.0348 5632 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/27 17:33:44.0706 5632 ================================================================================

2011/07/27 17:33:44.0706 5632 SystemInfo:

2011/07/27 17:33:44.0706 5632

2011/07/27 17:33:44.0706 5632 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/27 17:33:44.0706 5632 Product type: Workstation

2011/07/27 17:33:44.0706 5632 ComputerName: SHAZIABEGUM-PC

2011/07/27 17:33:44.0706 5632 UserName: Shazia Begum

2011/07/27 17:33:44.0706 5632 Windows directory: C:\Windows

2011/07/27 17:33:44.0706 5632 System windows directory: C:\Windows

2011/07/27 17:33:44.0706 5632 Processor architecture: Intel x86

2011/07/27 17:33:44.0706 5632 Number of processors: 2

2011/07/27 17:33:44.0706 5632 Page size: 0x1000

2011/07/27 17:33:44.0706 5632 Boot type: Normal boot

2011/07/27 17:33:44.0706 5632 ================================================================================

2011/07/27 17:33:48.0326 5632 Initialize success

2011/07/27 17:33:49.0496 6116 ================================================================================

2011/07/27 17:33:49.0496 6116 Scan started

2011/07/27 17:33:49.0496 6116 Mode: Manual;

2011/07/27 17:33:49.0496 6116 ================================================================================

2011/07/27 17:33:51.0258 6116 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/07/27 17:33:51.0414 6116 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/07/27 17:33:51.0446 6116 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/07/27 17:33:51.0524 6116 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/27 17:33:51.0570 6116 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/27 17:33:51.0617 6116 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/27 17:33:51.0680 6116 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/07/27 17:33:51.0726 6116 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/07/27 17:33:51.0773 6116 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/07/27 17:33:51.0820 6116 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/07/27 17:33:51.0851 6116 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/07/27 17:33:51.0867 6116 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/07/27 17:33:51.0898 6116 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/27 17:33:51.0929 6116 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/27 17:33:51.0960 6116 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

2011/07/27 17:33:51.0992 6116 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/27 17:33:52.0023 6116 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

2011/07/27 17:33:52.0054 6116 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/07/27 17:33:52.0101 6116 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/07/27 17:33:52.0148 6116 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/27 17:33:52.0257 6116 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys

2011/07/27 17:33:52.0350 6116 aswFW (e87019bdb5a06a096d7cec7aacd0ee40) C:\Windows\system32\drivers\aswFW.sys

2011/07/27 17:33:52.0428 6116 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys

2011/07/27 17:33:52.0506 6116 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys

2011/07/27 17:33:52.0569 6116 aswNdis2 (07ff8c2ba038764cdeb4ffd1331ad29c) C:\Windows\system32\drivers\aswNdis2.sys

2011/07/27 17:33:52.0616 6116 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys

2011/07/27 17:33:52.0694 6116 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys

2011/07/27 17:33:52.0756 6116 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys

2011/07/27 17:33:52.0772 6116 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys

2011/07/27 17:33:52.0834 6116 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/27 17:33:52.0865 6116 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/07/27 17:33:52.0959 6116 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/07/27 17:33:52.0990 6116 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/07/27 17:33:53.0037 6116 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/07/27 17:33:53.0099 6116 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/27 17:33:53.0146 6116 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/27 17:33:53.0162 6116 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/27 17:33:53.0193 6116 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/27 17:33:53.0240 6116 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/07/27 17:33:53.0271 6116 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/27 17:33:53.0286 6116 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/27 17:33:53.0318 6116 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/27 17:33:53.0349 6116 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/27 17:33:53.0396 6116 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/27 17:33:53.0427 6116 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/07/27 17:33:53.0474 6116 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/27 17:33:53.0520 6116 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/07/27 17:33:53.0567 6116 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/27 17:33:53.0614 6116 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/07/27 17:33:53.0645 6116 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/07/27 17:33:53.0676 6116 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/27 17:33:53.0708 6116 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/07/27 17:33:53.0754 6116 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/27 17:33:53.0832 6116 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/07/27 17:33:53.0864 6116 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/07/27 17:33:53.0895 6116 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/07/27 17:33:53.0957 6116 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/07/27 17:33:54.0020 6116 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/27 17:33:54.0129 6116 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/07/27 17:33:54.0222 6116 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/27 17:33:54.0285 6116 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/07/27 17:33:54.0332 6116 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/07/27 17:33:54.0363 6116 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/07/27 17:33:54.0410 6116 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/27 17:33:54.0456 6116 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/07/27 17:33:54.0488 6116 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/07/27 17:33:54.0503 6116 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/27 17:33:54.0534 6116 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/07/27 17:33:54.0597 6116 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D} (eb2a3bdb50a15becbb069a81a778acec) C:\Windows\system32\fsKMgr.dll

2011/07/27 17:33:54.0628 6116 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/07/27 17:33:54.0675 6116 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

2011/07/27 17:33:54.0706 6116 fsvidmir (08cf9c639510dcc20890fcd1545e3325) C:\Windows\system32\DRIVERS\fsvidmir.sys

2011/07/27 17:33:54.0737 6116 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/27 17:33:54.0768 6116 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/27 17:33:54.0815 6116 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/27 17:33:54.0878 6116 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/27 17:33:54.0909 6116 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/07/27 17:33:54.0956 6116 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/27 17:33:54.0971 6116 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/27 17:33:55.0002 6116 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/27 17:33:55.0049 6116 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

2011/07/27 17:33:55.0112 6116 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/07/27 17:33:55.0158 6116 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/07/27 17:33:55.0205 6116 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/27 17:33:55.0252 6116 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/07/27 17:33:55.0283 6116 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

2011/07/27 17:33:55.0346 6116 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/27 17:33:55.0455 6116 IntcAzAudAddService (c877ecc52d2279818cfb0a7dd3dcb906) C:\Windows\system32\drivers\RTKVHDA.sys

2011/07/27 17:33:55.0548 6116 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/07/27 17:33:55.0580 6116 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/27 17:33:55.0611 6116 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/27 17:33:55.0673 6116 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/07/27 17:33:55.0829 6116 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/07/27 17:33:55.0954 6116 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/07/27 17:33:56.0063 6116 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\drivers\is3srv.sys

2011/07/27 17:33:56.0110 6116 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/07/27 17:33:56.0141 6116 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/07/27 17:33:56.0172 6116 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/07/27 17:33:56.0204 6116 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/07/27 17:33:56.0250 6116 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/27 17:33:56.0297 6116 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/27 17:33:56.0375 6116 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/27 17:33:56.0484 6116 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/27 17:33:56.0516 6116 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/27 17:33:56.0547 6116 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/27 17:33:56.0578 6116 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/27 17:33:56.0609 6116 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/07/27 17:33:56.0672 6116 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys

2011/07/27 17:33:56.0765 6116 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/27 17:33:56.0796 6116 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/27 17:33:56.0828 6116 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/07/27 17:33:56.0874 6116 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/27 17:33:56.0906 6116 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

2011/07/27 17:33:56.0937 6116 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/27 17:33:56.0984 6116 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/07/27 17:33:57.0046 6116 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/07/27 17:33:57.0467 6116 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/27 17:33:57.0670 6116 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/07/27 17:33:57.0779 6116 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/27 17:33:57.0888 6116 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/27 17:33:58.0029 6116 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/27 17:33:58.0169 6116 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/07/27 17:33:58.0232 6116 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/07/27 17:33:58.0294 6116 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/07/27 17:33:58.0403 6116 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/27 17:33:58.0497 6116 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/07/27 17:33:58.0544 6116 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/27 17:33:58.0590 6116 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/27 17:33:58.0637 6116 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/07/27 17:33:58.0731 6116 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/07/27 17:33:59.0090 6116 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/07/27 17:33:59.0511 6116 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/07/27 17:34:00.0041 6116 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/27 17:34:00.0478 6116 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/07/27 17:34:00.0837 6116 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/27 17:34:01.0024 6116 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/07/27 17:34:01.0149 6116 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/27 17:34:01.0336 6116 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/27 17:34:10.0415 6116 ================================================================================

2011/07/27 17:34:10.0415 6116 Scan finished

2011/07/27 17:34:10.0415 6116 ================================================================================

2011/07/27 17:34:10.0431 6108 Detected object count: 0

2011/07/27 17:34:10.0431 6108 Actual detected object count: 0

2011/07/27 17:34:15.0360 5912 Deinitialize success

The ATF Cleaner freed up 158 MB of space.

GooredFix Log :

GooredFix by jpshortstuff (03.07.10.1)

Log created at 17:32 on 27/07/2011 (Shazia Begum)

Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [16:21 20/04/2011]

-=E.O.F=-

My computer regularly gets the blue screen of death and I also get some Google redirects. Since I have done this, no improvements have been made; however, I am keen to carry on. Also, my Malwarebytes doesn't update.

" PROGRAM_ERROR_UPDATING(12163,0,IsInternetConnected) "

I get that error.

Link to post

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    ntfs.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post

Here is the log :

SystemLook 04.09.10 by jpshortstuff

Log created at 17:43 on 27/07/2011 by Shazia Begum

Administrator - Elevation successful

========== filefind ==========

Searching for "ntfs.sys"

C:\Windows\ERDNT\cache\ntfs.sys --a---- 1211264 bytes [13:41 27/07/2011] [12:30 20/11/2010] 33C3093D09017CFE2E219F2472BFF6EB

C:\Windows\System32\drivers\ntfs.sys --a---- 1211264 bytes [15:09 28/02/2011] [12:30 20/11/2010] 33C3093D09017CFE2E219F2472BFF6EB

C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys --a---- 1210432 bytes [23:12 13/07/2009] [01:20 14/07/2009] 3795DCD21F740EE799FB7223234215AF

C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys --a---- 1211264 bytes [15:09 28/02/2011] [12:30 20/11/2010] 33C3093D09017CFE2E219F2472BFF6EB

-= EOF =-

Also, do you think that Avast is a good antivirus? If it isn't, could you recommend one?

Link to post
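Reading the SystemLook result above, as an added example that is not part of the original thread: the script parses the `:filefind` lines and checks whether the active driver's size and MD5 match a copy in the WinSxS component store, and whether that copy is the newest one. The function names are hypothetical, the two bracketed timestamps are carried as opaque text, and the version is taken from the WinSxS folder name.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Result lines copied from the SystemLook log in the post above.
SAMPLE_LOG = r"""
C:\Windows\ERDNT\cache\ntfs.sys --a---- 1211264 bytes [13:41 27/07/2011] [12:30 20/11/2010] 33C3093D09017CFE2E219F2472BFF6EB
C:\Windows\System32\drivers\ntfs.sys --a---- 1211264 bytes [15:09 28/02/2011] [12:30 20/11/2010] 33C3093D09017CFE2E219F2472BFF6EB
C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys --a---- 1210432 bytes [23:12 13/07/2009] [01:20 14/07/2009] 3795DCD21F740EE799FB7223234215AF
C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys --a---- 1211264 bytes [15:09 28/02/2011] [12:30 20/11/2010] 33C3093D09017CFE2E219F2472BFF6EB
"""

ACTIVE_PATH = r"C:\Windows\System32\drivers\ntfs.sys"

# path, 7-character attribute field, size, two bracketed timestamps, MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<t1>[^\]]+)\]\s+\[(?P<t2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Component-store folder name: arch_name_token_VERSION_culture_hash
STORE_RE = re.compile(r"\\winsxs\\[^\\]*_(\d+(?:\.\d+){3})_[^\\]*\\", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    md5: str                         # lower-case hex
    store_version: Optional[tuple]   # None when the file is not under WinSxS


def parse_filefind(text):
    """Return an Entry for every result line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        v = STORE_RE.search(m.group("path"))
        version = tuple(int(p) for p in v.group(1).split(".")) if v else None
        entries.append(Entry(m.group("path"), int(m.group("size")),
                             m.group("md5").lower(), version))
    return entries


def assess(entries, active_path):
    """Compare the active file against every component-store copy in the log."""
    active = next((e for e in entries if e.path.lower() == active_path.lower()), None)
    if active is None:
        return {"verdict": "active-file-not-listed"}
    store = [e for e in entries if e.store_version is not None]
    if not store:
        return {"verdict": "no-store-copy", "active_md5": active.md5}
    newest = max(store, key=lambda e: e.store_version)
    matches = [e for e in store if (e.md5, e.size) == (active.md5, active.size)]
    if not matches:
        verdict = "differs-from-store"
    elif newest in matches:
        verdict = "matches-newest-store-copy"
    else:
        verdict = "matches-older-store-copy"
    return {
        "verdict": verdict,
        "active_md5": active.md5,
        "newest_version": ".".join(map(str, newest.store_version)),
        "matched_versions": [".".join(map(str, e.store_version)) for e in matches],
    }


if __name__ == "__main__":
    result = assess(parse_filefind(SAMPLE_LOG), ACTIVE_PATH)
    for key, value in result.items():
        print(f"{key}: {value}")
```

A hash taken from inside the running system is only as trustworthy as the file reads it relies on, so repeat the comparison from a recovery environment when a kernel-mode rootkit is suspected.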

Print this out.

Reboot your computer and, as Windows starts, tap F8 and select Repair your computer. Then select Command Prompt.

Next type or copy / paste in the following.

Note the spaces

copy C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys c:\windows\system32\drivers\ntfs.sys

You should see a message '1 file copied'. If you did not see that message, try again and ensure there is a space after the word copy and another space between the file paths.

Link to post

There's no repair your computer when I press F8.

Available things

safe mode

safe mode with networking

safe mode with command prompt

enable boot logging

enable low resolution video

last known good configuration

directory services restore mode

debugging mode

disable automatic restart on system failure

and disable driver signature enforcement, those are the only options there?

Link to post

That was for Windows 7.

Let's do it this way then.

Open Notepad and copy/paste the entire contents of the quotebox below into Notepad:

@echo off
rem Overwrite the active driver with the copy from the WinSxS component store
copy C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys c:\windows\system32\drivers\ntfs.sys
exit

Save this Notepad file as replace.bat and choose to Save as type: - All Files then close the Notepad file.

It should look like this: Clipboard01command.gif

Double-click on replace.bat to run it. A DOS window will open and close again, this is normal. Please delete the file afterwards.

Link to post

Yah, I've done that.

I did find the thing you were talking about in command prompt because I am on Windows 7 and it said something about win32 configuration. However, this thing worked.

I also just did a scan with Stopzilla and it showed 59 infections, mostly trojans, hijackers and rogue. I was unable to remove those because I do not have a subscription with it.

Link to post

I also just did a scan with Stopzilla and it showed 59 infections, mostly trojans, hijackers and rogue. I was unable to remove those because I do not have a subscription with it.
Don't waste your money.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post

I did a scan; however, as I told you before, I am unable to update Malwarebytes from my PC because I get some internet error. I am also posting my reply from my laptop now and will post the scan log tomorrow, and hopefully I will be able to update Malwarebytes through the program.

Link to post

If MBAM won't update, try doing this:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Link to post

Hey Larry,

Which security suite do you recommend?

Besides, I ran the mbam-clean tool and now updates work.

Here is the log and I will post a combofix log later on :

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7307

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

28/07/2011 09:06:11

mbam-log-2011-07-28 (09-06-11).txt

Scan type: Quick scan

Objects scanned: 154909

Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I'm still often getting the blue screen; my computer has gotten better speed-wise than before, but it still isn't as good. However, redirects haven't been coming as much now.

Link to post

Here's the latest ComboFix log, and I have uninstalled Emsisoft Anti-Malware:


R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-04-01 23608]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-28 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-05-10 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 51984]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 69392]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-24 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-13 67664]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-07-24 123264]

S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]

S2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D};Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [2010-05-17 20512]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]

S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]

S3 fsvidmir;fsvidmir;c:\windows\system32\DRIVERS\fsvidmir.sys [2010-05-17 2944]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 807936]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 33552]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - A2INJECTIONDRIVER

*NewlyCreated* - A2UTIL

*Deregistered* - CO_Mon

*Deregistered* - SymEvent

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 12:30]

.

2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 12:30]

.

2011-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-114935392-3903743455-1703224864-1000Core.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 12:30]

.

2011-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-114935392-3903743455-1703224864-1000UA.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 12:30]

.

2011-07-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c91fd6f9-e625-41ab-ba5a-fd8cd5558f1b.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-01-07 22:41]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.co.uk

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-114935392-3903743455-1703224864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-114935392-3903743455-1703224864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(600)

c:\program files\ThreatFire\TFWAH.dll

.

- - - - - - - > 'lsass.exe'(608)

c:\program files\ThreatFire\TFWAH.dll

.

- - - - - - - > 'Explorer.exe'(4900)

c:\program files\ThreatFire\TfWah.dll

c:\program files\Emsisoft Anti-Malware\a2hooks32.dll

c:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

c:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

c:\windows\system32\dhcpcsvc6.DLL

c:\windows\system32\dhcpcsvc.DLL

c:\windows\System32\SyncCenter.dll

c:\windows\System32\Actioncenter.dll

c:\windows\system32\Wlanapi.dll

c:\windows\system32\wlanutil.dll

c:\windows\system32\wwanapi.dll

c:\windows\System32\hgcpl.dll

c:\windows\System32\bthprops.cpl

.

Completion time: 2011-07-28 10:56:44

ComboFix-quarantined-files.txt 2011-07-28 10:56

.

Pre-Run: 189,940,084,736 bytes free

Post-Run: 189,902,647,296 bytes free

.

- - End Of File - - 0089C464BD9C8A29CCDCEA42BFFFAEF2
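One way to triage the Drivers/Services listing of a ComboFix log like the one above, as an added example that is not part of the original post or of ComboFix itself. It assumes `R`/`S` mean running/stopped, the digit is the service start type (0 = boot), and `[x]` means the image file was not found; the sample lines are copied from this log.

```python
import re

# Lines copied from the Drivers/Services listing in the log above.
SAMPLE = r"""
R0 lqffzi;lqffzi; [x]
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R1 MpKsl192648a8;MpKsl192648a8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDDC5CDA-FFB2-4C57-A683-9B69E190884F}\MpKsl192648a8.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-07-04 121000]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
"""

# <state><start> <name>;<display>;<image path> [<date size> | x]
LINE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);"
                  r"(?P<display>[^;]*);(?P<image>.*?) ?\[(?P<info>[^\]]*)\]$")

def parse(log):
    """Turn each service/driver line into a dict; skip anything else."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["start"] = int(e["start"])
        e["running"] = e["state"] == "R"   # assumption: R = running
        e["missing"] = e["info"] == "x"    # assumption: [x] = file not found
        e["image"] = e["image"].strip()
        entries.append(e)
    return entries

def triage(entries):
    """Return (name, reason) for entries whose image file could not be found."""
    findings = []
    for e in entries:
        if not e["missing"]:
            continue
        if e["image"]:
            reason = "image file not found: " + e["image"]
        else:
            reason = "no image path recorded"
        if e["running"] and e["start"] == 0:
            reason += " (boot-start, reported running)"
        findings.append((e["name"], reason))
    return findings

if __name__ == "__main__":
    for name, reason in triage(parse(SAMPLE)):
        print(f"{name}: {reason}")
```

A flagged entry is only a prompt for a closer look: leftovers from uninstalled software and temporary drivers produce the same marker.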


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Okay, I'm doing that right now and was that combofix log okay?

Also which antivirus software do you recommend?

CF log looks OK to me.

You already have Avast.

Only run one Anti-Virus at a time.

Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.


Here's the log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=c6682877945d5b4598c4290d4169477e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-28 01:48:17

# local_time=2011-07-28 01:48:17 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 127763 64323192 0 0

# compatibility_mode=8192 67108863 100 0 78093 78093 0 0

# scanned=124992

# found=0

# cleaned=0

# scan_time=4095

Also, my redirects have stopped. The only problems I'm experiencing now are the blue screen of death and my PC is still slow; it takes 15 mins to boot up now.


Uninstall Combofix before running SFC

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Next:

Let's see if this helps.

1. Use the System File Checker tool (SFC.exe) to determine which file is causing the issue, and then replace the file. To do this, follow these steps:

Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

2. Type the following command, and then press ENTER:

sfc /scannow <--Note the space, it needs to be there

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
