Believe to be AV Guard trojan, COLLEGE STUDENT NEEDING COMPUTER, please help!


Hi,

So my backstory, went to a site a few months ago which gave me the virus Microsoft Security 2009 or something which would not let me run MBAM and other anti-virus programs, looked online how to fix it and fixed it with rkill and MBAM, went back to the site (it was one of my daily sites) assuming they would fix the security issues, got the same virus again, fixed it again. Went back to the site a week ago thinking they must have patched this security failure, got a new virus I believe was called AV guard, which did the same things as the old virus but a lot more serious. MBAM catches the trojan but it comes right back, when I run rkill it gives me this:

Rkill was run on 10/12/2011 at 0:00:53.

Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

\\.\globalroot\systemroot\svchost.exe

Rkill completed on 10/12/2011 at 0:01:05.

Anyways here are the needed files/attachments, please help! I need my computer for college as there are assignments I can only complete on my laptop.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7926

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

10/12/2011 12:17:05 AM

mbam-log-2011-10-12 (00-17-05).txt

Scan type: Quick scan

Objects scanned: 183893

Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.6748993883334226.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_14

Run by Chris at 0:10:47 on 2011-10-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.1640 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

C:\Program Files (x86)\AVG\AVG8\avgrsa.exe

C:\Program Files (x86)\AVG\AVG8\avgnsa.exe

C:\Program Files\Protector Suite QL\upeksvr.exe

C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RAVCpl64.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\BisonCam\BisonHK.exe

C:\Windows\BisonCam\DeLay.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\AIM6\aim6.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

C:\Program Files (x86)\Hotkey\Hotkey.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\AVG\AVG8\avgtray.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AIM6\aolsoftware.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\iPod\bin\iPodService.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode

uRun: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"

mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{E5689B90-48A3-41C2-BCFC-5E8AE29ABFAC} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D}\140707C65602E4564777F627B602169343234636 : DhcpNameServer = 132.239.0.252 128.54.16.2

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D}\2375942554038393 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D}\255435E45445D2634584D214054535 : DhcpNameServer = 132.239.0.252 128.54.16.2

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D}\E616867686 : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

LSA: Notification Packages = scecli psqlpwd

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO-X64: AIM Toolbar Loader - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"

mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - prefs.js: network.proxy.type - 4

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll

FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Simple Dyyno Launcher: NPDyyno@dyyno.com - %profile%\extensions\NPDyyno@dyyno.com

FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]

R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

.

=============== Created Last 30 ================

.

2011-10-08 19:28:41 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-10-08 19:25:00 20480 ----a-w- C:\Windows\svchost.exe

2011-10-07 02:53:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\cpm5aQJ6d

2011-10-07 02:53:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\Laym

2011-10-07 02:53:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\Ezus

2011-10-07 02:50:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\Poxawy

2011-10-07 02:40:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\LIIIBrrzPNyA1v

2011-10-07 02:40:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\VDDD22onF4pm

2011-10-07 02:40:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\TRRZZqhYYXkU

2011-10-07 02:36:12 -------- d-----we C:\Windows\system64

2011-10-05 06:29:19 -------- d-----w- C:\CSE105

2011-09-26 22:56:04 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-22 06:56:48 -------- d-----w- C:\9dcdab233d8e898400c4a06f2611

.

==================== Find3M ====================

.

2011-08-04 05:39:00 0 ----a-w- C:\ProgramData\vntg.exe

2011-08-04 05:39:00 0 ----a-w- C:\ProgramData\pvgs.exe

2011-08-04 05:39:00 0 ----a-w- C:\ProgramData\iode.exe

2011-08-04 05:39:00 0 ----a-w- C:\ProgramData\csvj.exe

2011-08-01 01:51:02 0 ----a-w- C:\ProgramData\pbdf.exe

2011-08-01 01:51:02 0 ----a-w- C:\ProgramData\oynj.exe

2011-08-01 01:51:02 0 ----a-w- C:\ProgramData\kiwg.exe

2011-08-01 01:51:02 0 ----a-w- C:\ProgramData\dfib.exe

2011-07-29 06:10:41 0 ----a-w- C:\ProgramData\vmkx.exe

2011-07-29 06:10:41 0 ----a-w- C:\ProgramData\cuqn.exe

2011-07-29 06:10:40 0 ----a-w- C:\ProgramData\njku.exe

2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 0:14:01.00 ===============

Thanks for any help in advance!

Chris

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Oh wow here I am waiting for somebody to help me for 2 days now, and didn't even realize you responded so quickly! My apologies for the late response.

Just a heads up...I always run rkill when my computer starts up just to try to prevent anything worse happening....should I not do this? Will it affect the logs of your other tests? Let me know if that's the case and I'll redo all my scans and stop running rkill at startup.

Here's the MBAM logfile:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7949

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

10/14/2011 4:34:49 PM

mbam-log-2011-10-14 (16-34-49).txt

Scan type: Quick scan

Objects scanned: 183570

Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I tried disabling AVG but somehow when combofix ran it still detected it...however I went ahead with combofix anyways, here's the log:

ComboFix 11-10-14.04 - Chris 10/14/2011 16:51:33.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2485 [GMT -7:00]

Running from: c:\users\Chris\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Chris\AppData\Local\asgo.exe

c:\users\Chris\AppData\Local\dmqt.exe

c:\users\Chris\AppData\Local\kesa.exe

c:\users\Chris\AppData\Local\nkvy.exe

c:\users\Chris\AppData\Local\oodm.exe

c:\users\Chris\AppData\Local\prxh.exe

c:\users\Chris\AppData\Local\rjhw.exe

c:\users\Chris\AppData\Local\sbwh.exe

c:\users\Chris\AppData\Local\urvi.exe

c:\users\Chris\AppData\Local\vxlv.exe

c:\users\Chris\AppData\Local\wlte.exe

c:\users\Chris\AppData\Local\xxcj.exe

c:\users\Chris\AppData\Roaming\Ezus

c:\users\Chris\AppData\Roaming\Ezus\izusi.tmp

c:\windows\svchost.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))

.

.

2011-10-14 23:57 . 2011-10-14 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-08 19:28 . 2011-10-08 19:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-10-08 19:25 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe

2011-10-07 02:53 . 2011-10-07 02:53 -------- d-----w- c:\users\Chris\AppData\Roaming\cpm5aQJ6d

2011-10-07 02:53 . 2011-10-07 05:45 -------- d-----w- c:\users\Chris\AppData\Roaming\Laym

2011-10-07 02:50 . 2011-10-07 02:50 -------- d-----w- c:\users\Chris\AppData\Roaming\Poxawy

2011-10-07 02:40 . 2011-10-07 02:40 -------- d-----w- c:\users\Chris\AppData\Roaming\LIIIBrrzPNyA1v

2011-10-07 02:40 . 2011-10-07 05:45 -------- d-----w- c:\users\Chris\AppData\Roaming\VDDD22onF4pm

2011-10-07 02:40 . 2011-10-07 02:40 -------- d-----w- c:\users\Chris\AppData\Roaming\TRRZZqhYYXkU

2011-10-07 02:36 . 2011-10-07 02:36 -------- d-----we c:\windows\system64

2011-10-05 06:29 . 2011-10-05 09:50 -------- d-----w- C:\CSE105

2011-09-26 22:56 . 2011-09-26 22:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-22 06:56 . 2011-09-22 06:56 -------- d-----w- C:\9dcdab233d8e898400c4a06f2611

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-04 05:39 . 2011-08-04 05:39 0 ----a-w- c:\programdata\vntg.exe

2011-08-04 05:39 . 2011-08-04 05:39 0 ----a-w- c:\programdata\pvgs.exe

2011-08-04 05:39 . 2011-08-04 05:39 0 ----a-w- c:\programdata\iode.exe

2011-08-04 05:39 . 2011-08-04 05:39 0 ----a-w- c:\programdata\csvj.exe

2011-08-01 01:51 . 2011-08-01 01:51 0 ----a-w- c:\programdata\pbdf.exe

2011-08-01 01:51 . 2011-08-01 01:51 0 ----a-w- c:\programdata\oynj.exe

2011-08-01 01:51 . 2011-08-01 01:51 0 ----a-w- c:\programdata\kiwg.exe

2011-08-01 01:51 . 2011-08-01 01:51 0 ----a-w- c:\programdata\dfib.exe

2011-07-29 06:10 . 2011-07-29 06:10 0 ----a-w- c:\programdata\vmkx.exe

2011-07-29 06:10 . 2011-07-29 06:10 0 ----a-w- c:\programdata\cuqn.exe

2011-07-29 06:10 . 2011-07-29 06:10 0 ----a-w- c:\programdata\njku.exe

2011-07-22 05:22 . 2011-08-10 22:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 04:54 . 2011-08-10 22:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files (x86)\AIM6\aim6.exe" [2009-07-09 49968]

"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-03 1242448]

"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2010-02-13 5933912]

"Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-01-16 103720]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-07-16 148888]

"AVG8_TRAY"="c:\progra~2\AVG\AVG8\avgtray.exe" [2010-07-21 2048352]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2009-11-15 158752]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2009-7-3 2453504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 B-Service;B-Service;c:\users\Chris\AppData\Roaming\Mikogo\B-Service.exe [2010-08-29 185640]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]

S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]

S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]

S2 avg8wd;AVG Free8 WatchDog;c:\program files (x86)\AVG\AVG8\avgwdsvc.exe [2009-08-18 297752]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2008-05-13 36864]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-375297656-1331952649-3683755917-1000Core.job

- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 02:45]

.

2011-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-375297656-1331952649-3683755917-1000UA.job

- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 02:45]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2008-07-04 10:06 4845832 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2008-07-04 10:06 4845832 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]

"RtHDVCpl"="RAVCpl64.exe" [2008-06-13 6342688]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 833536]

"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]

"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-12 53248]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 16299552]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-04 70408]

"combofix"="c:\combofix\CF2369.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Simple Dyyno Launcher: NPDyyno@dyyno.com - %profile%\extensions\NPDyyno@dyyno.com

FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2011-10-14 17:06:45 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-15 00:06

.

Pre-Run: 210,931,326,976 bytes free

Post-Run: 210,384,850,944 bytes free

.

- - End Of File - - 0EBBF924F0099D5E399F222091BFE07F

Here's the DDS, and attach.txt attached

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_14

Run by Chris at 17:19:33 on 2011-10-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2115 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

C:\Program Files (x86)\AVG\AVG8\avgrsa.exe

C:\Program Files (x86)\AVG\AVG8\avgnsa.exe

C:\Program Files\Protector Suite QL\upeksvr.exe

C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RAVCpl64.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\BisonCam\BisonHK.exe

C:\Windows\BisonCam\DeLay.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\AIM6\aim6.exe

C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

C:\Program Files (x86)\Hotkey\Hotkey.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\AVG\AVG8\avgtray.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AIM6\aolsoftware.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode

uRun: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"

mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{E5689B90-48A3-41C2-BCFC-5E8AE29ABFAC} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D}\140707C65602E4564777F627B602169343234636 : DhcpNameServer = 132.239.0.252 128.54.16.2

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D}\2375942554038393 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D}\255435E45445D2634584D214054535 : DhcpNameServer = 132.239.0.252 128.54.16.2

TCP: Interfaces\{F9E3BE0A-B7C8-4515-ACF4-0B6E2EF0B36D}\E616867686 : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO-X64: AIM Toolbar Loader - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"

mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - prefs.js: network.proxy.type - 4

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q3x6cyli.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll

FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Simple Dyyno Launcher: NPDyyno@dyyno.com - %profile%\extensions\NPDyyno@dyyno.com

FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]

R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]

R2 avg8wd;AVG Free8 WatchDog;C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe [2009-7-15 297752]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2009-7-3 36864]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 B-Service;B-Service;C:\Users\Chris\AppData\Roaming\Mikogo\B-Service.exe [2010-8-29 185640]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2011-10-15 00:16:24 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-14 23:49:26 98816 ----a-w- C:\Windows\sed.exe

2011-10-14 23:49:26 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-14 23:49:26 256000 ----a-w- C:\Windows\PEV.exe

2011-10-14 23:49:26 208896 ----a-w- C:\Windows\MBR.exe

2011-10-08 19:28:41 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-10-08 19:25:00 20480 ------w- C:\Windows\svchost.exe

2011-10-07 02:53:10 -------- d-----w- C:\Users\Chris\AppData\Roaming\cpm5aQJ6d

2011-10-07 02:53:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\Laym

2011-10-07 02:50:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\Poxawy

2011-10-07 02:40:35 -------- d-----w- C:\Users\Chris\AppData\Roaming\LIIIBrrzPNyA1v

2011-10-07 02:40:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\VDDD22onF4pm

2011-10-07 02:40:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\TRRZZqhYYXkU

2011-10-07 02:36:12 -------- d-----we C:\Windows\system64

2011-10-05 06:29:19 -------- d-----w- C:\CSE105

2011-09-26 22:56:04 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-22 06:56:48 -------- d-----w- C:\9dcdab233d8e898400c4a06f2611

.

==================== Find3M ====================

.

2011-10-12 18:11:37 59 ----a-w- C:\Windows\wpd99.drv

2011-08-04 05:39:00 0 ----a-w- C:\ProgramData\vntg.exe

2011-08-04 05:39:00 0 ----a-w- C:\ProgramData\pvgs.exe

2011-08-04 05:39:00 0 ----a-w- C:\ProgramData\iode.exe

2011-08-04 05:39:00 0 ----a-w- C:\ProgramData\csvj.exe

2011-08-01 01:51:02 0 ----a-w- C:\ProgramData\pbdf.exe

2011-08-01 01:51:02 0 ----a-w- C:\ProgramData\oynj.exe

2011-08-01 01:51:02 0 ----a-w- C:\ProgramData\kiwg.exe

2011-08-01 01:51:02 0 ----a-w- C:\ProgramData\dfib.exe

2011-07-29 06:10:41 0 ----a-w- C:\ProgramData\vmkx.exe

2011-07-29 06:10:41 0 ----a-w- C:\ProgramData\cuqn.exe

2011-07-29 06:10:40 0 ----a-w- C:\ProgramData\njku.exe

2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 17:22:35.60 ===============

Attach2.zip


  • Staff

Hi,

My apologies for the delay.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Hi and thanks for the reply again!

Here's the TDSS log

20:07:56.0172 4492 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23

20:07:56.0812 4492 ============================================================

20:07:56.0812 4492 Current date / time: 2011/10/18 20:07:56.0812

20:07:56.0812 4492 SystemInfo:

20:07:56.0812 4492

20:07:56.0812 4492 OS Version: 6.1.7601 ServicePack: 1.0

20:07:56.0812 4492 Product type: Workstation

20:07:56.0812 4492 ComputerName: CHRIS-PC

20:07:56.0812 4492 UserName: Chris

20:07:56.0813 4492 Windows directory: C:\Windows

20:07:56.0813 4492 System windows directory: C:\Windows

20:07:56.0813 4492 Running under WOW64

20:07:56.0813 4492 Processor architecture: Intel x64

20:07:56.0813 4492 Number of processors: 2

20:07:56.0813 4492 Page size: 0x1000

20:07:56.0813 4492 Boot type: Normal boot

20:07:56.0813 4492 ============================================================

20:07:58.0666 4492 Initialize success

20:08:09.0906 5116 ============================================================

20:08:09.0906 5116 Scan started

20:08:09.0906 5116 Mode: Manual;

20:08:09.0906 5116 ============================================================

20:09:06.0895 5116 MBR (0x1B8) (950dcd2e3db597e6b62b2b7124557fec) \Device\Harddisk0\DR0

20:09:06.0899 5116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

20:09:06.0899 5116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

20:09:06.0946 5116 Boot (0x1200) (6bd77fb06da1935928181df0aca4dc87) \Device\Harddisk0\DR0\Partition0

20:09:06.0950 5116 \Device\Harddisk0\DR0\Partition0 - ok

20:09:06.0952 5116 ============================================================

20:09:06.0952 5116 Scan finished

20:09:06.0952 5116 ============================================================

20:09:06.0973 3152 Detected object count: 1

20:09:06.0973 3152 Actual detected object count: 1

20:09:24.0834 3152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

20:09:24.0834 3152 \Device\Harddisk0\DR0 - ok

20:09:24.0835 3152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

20:09:28.0456 2596 Deinitialize success

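The scan log posted above can be triaged mechanically instead of being read line by line. The following is an added example, not part of the original thread or of the scanner itself: the line layout is inferred from the log lines in this post, and the names `triage` and `pending_reboot` are hypothetical.

```python
import re

# Lines copied from the scan log posted above: "<time> <thread id> <message>".
SAMPLE_LOG = r"""
20:09:06.0809 5116 WUDFRd - ok
20:09:06.0899 5116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:09:06.0899 5116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:09:06.0950 5116 \Device\Harddisk0\DR0\Partition0 - ok
20:09:06.0973 3152 Detected object count: 1
20:09:24.0834 3152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:09:24.0835 3152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (?P<msg>.*)$")
# Assumed layout of a flagged object: "<object> ( <threat name> ) - <status>".
FLAGGED = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+?) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action: "

def triage(log_text):
    """Collect flagged objects, their statuses and the action chosen for each."""
    report = {"detections": {}, "reported_count": None}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank line or forum text mixed into the paste
        msg = line.group("msg")
        count = COUNT.match(msg)
        if count:
            report["reported_count"] = int(count.group(1))
            continue
        hit = FLAGGED.match(msg)
        if not hit:
            continue  # "- ok" lines and per-driver hash lines
        entry = report["detections"].setdefault(
            hit.group("obj"), {"threats": set(), "statuses": [], "action": None})
        entry["threats"].add(hit.group("threat"))
        status = hit.group("status")
        if status.startswith(ACTION_PREFIX):
            entry["action"] = status[len(ACTION_PREFIX):]
        else:
            entry["statuses"].append(status)
    return report

def pending_reboot(report):
    """Objects whose cure is deferred to the next boot (not yet applied)."""
    return [obj for obj, e in report["detections"].items()
            if any("on reboot" in s for s in e["statuses"])]
```

Comparing `len(report["detections"])` with `report["reported_count"]` is a quick check that a pasted log was not truncated before the detections were listed.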

Just to ask... in my C: drive there is a lot of suspicious stuff that I have no clue where it came from. Things like $INPLACE.~TR, $WINDOWS.~Q, 9dcdab233d8e898400c4a06f2611, Boot, MSOCache, all of which are locked folders that I can't even get far into. The $WINDOWS.~Q>DATA> has folders my C: drive also has, namely Program Files, Program Files (x86), ProgramData, Users, Windows; however, folders such as Program Files only have some of the programs my real Program Files in C: does, and when I open those programs' folders, the stuff inside is missing a lot of things it's supposed to have (e.g. it has Warcraft III, but going inside the folder, it only has one file, pickup.listchecker).

Is this cause for concern? 'Cause I don't ever remember making folders like this intentionally or unintentionally. Also, is my computer safe enough for light internet use (such as to turn things in) and to type my homework assignments on Microsoft Word?

Thanks for your help!


  • Staff

Hi,

Again my apologies for the delay. Somehow I missed your topic.

Are you currently experiencing any symptoms of infection? Have you ever reinstalled Windows on this computer?

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Maybe I'm not doing it right, but I didn't see a checkbox for the Terms and Agreements for ESET, 'cause my .txt looks very short lol. Also, I had some questions in my above replies you didn't really answer, so could you take a look at them again, especially things on rkill (should I not use it every time I turn on my computer?) and combofix (I tried to disable my AVG but somehow combofix still recognized it).

The ESET scanner caught 4 trojan things in my Spybot-Search and Destroy folder, I believe, but the log doesn't say much.

But here are the logs I got:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 8.5

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 14

Out of date Java installed!

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Adobe Reader X (10.0.1) Adobe Reader Out of Date!

Mozilla Firefox (3.6.23) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

``````````End of Log````````````

There aren't many symptoms per se, but I know I still have some type of virus/rootkit/malware on my computer, as every time I run an anti-malware program it catches them, and also when I try to connect to my school's internet, it will block me and say that my computer has known bot-controlling things.

Thanks again, I really appreciate your help.


  • Staff

Hi,

Please list your questions clearly and succinctly in bullet form and I will do my best to answer them.

Post a log from an anti-malware program detecting malware.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 14

Adobe Flash Player ( 10.3.183.10)

Adobe Reader X (10.0.1)

Mozilla Firefox (3.6.23)

Restart your computer.

Get the latest version of Java, Adobe Reader, Adobe Flash Player, and Firefox.

Let me know what issues remain.

-screen317


Thanks for the response again,

Here are some questions:

- Before, I would run rkill right when my computer booted up just to try and slow/stop the malicious background programs... would this have affected any of your tests?

- Also, when I ran combofix, even though I disabled my AVG by the directions, I believe combofix still recognized it was there... is this a problem?

- In my C: drive there is a lot of suspicious stuff that I have no clue where it came from. Things like $INPLACE.~TR, $WINDOWS.~Q, 9dcdab233d8e898400c4a06f2611, Boot, MSOCache, all of which are locked folders that I can't even get far into. The $WINDOWS.~Q>DATA> has folders my C: drive also has, namely Program Files, Program Files (x86), ProgramData, Users, Windows; however, folders such as Program Files only have some of the programs my real Program Files in C: does, and when I open those programs' folders, the stuff inside is missing a lot of things it's supposed to have (e.g. it has Warcraft III, but going inside the folder, it only has one file, pickup.listchecker).

Is this cause for concern? 'Cause I don't ever remember making folders like this intentionally or unintentionally. Also, is my computer safe enough for light internet use (such as to turn things in) and to type my homework assignments on Microsoft Word?

- Also, when I click on the download now links for Adobe Reader and Flash, nothing happens (the only thing that happens is my unchecked box for installing McAfee being checked again... meaning it refreshes the page?)

- I ran an updated quick scan on MBAM and it found nothing, and I also ran an updated Spybot-S&D and it found only a tracking cookie.

Thanks


  • Staff

Hi,

- Before, I would run rkill right when my computer booted up just to try and slow/stop the malicious background programs... would this have affected any of your tests?
It shouldn't have affected anything, no.

- Also, when I ran combofix, even though I disabled my AVG by the directions, I believe combofix still recognized it was there... is this a problem?
Not a problem.

- In my C: drive there is a lot of suspicious stuff that I have no clue where it came from. Things like $INPLACE.~TR, $WINDOWS.~Q, 9dcdab233d8e898400c4a06f2611, Boot, MSOCache, all of which are locked folders that I can't even get far into. The $WINDOWS.~Q>DATA> has folders my C: drive also has, namely Program Files, Program Files (x86), ProgramData, Users, Windows; however, folders such as Program Files only have some of the programs my real Program Files in C: does, and when I open those programs' folders, the stuff inside is missing a lot of things it's supposed to have (e.g. it has Warcraft III, but going inside the folder, it only has one file, pickup.listchecker).
That just means you upgraded from Vista to 7 without formatting the hard drive. See here:

http://www.howtogeek.com/howto/6685/what-are-the-inplace.tr-and-windows.q-folders-and-can-i-delete-them/

Is this cause for concern? 'Cause I don't ever remember making folders like this intentionally or unintentionally. Also, is my computer safe enough for light internet use (such as to turn things in) and to type my homework assignments on Microsoft Word?
Yes, it should be safe to resume working on this computer.

- Also, when I click on the download now links for Adobe Reader and Flash, nothing happens (the only thing that happens is my unchecked box for installing McAfee being checked again... meaning it refreshes the page?)
Does it happen for Internet Explorer and Firefox?

  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
