Click.giftload Victim...another



Lorelai
2011-05-14, 21:57
Hey,

Hope someone on this forum can help me - I'm not the best at this kind of stuff, so feel free to dumb it down for me a bit.

Have got the Click.Giftload problem that others have and maybe another. Fake security pop-ups are driving me crazy, my computer has slowed to a crawl and cuts to the blue screen of death every 2 hours or so. It annoyingly changes my Windows theme to classic all the time, and sometimes the Windows XP option disappears when I try to change it back. Windows automatic updates seems to be on, although it keeps popping up saying it's off - I am also unable to update anything myself from the Windows site.

I'm using quite an old computer, Windows XP Home, and use Firefox exclusively. I have AVG Free, which finds nothing when I run it. Spybot can find the virus but doesn't do anything with it - it just finds it over and over again. I downloaded Malwarebytes, which found it the first time but cut to a blue screen, and I haven't been able to run it fully without this happening again. All 3 are fully updated.

Thanks in advance, I appreciate any help.........Lorelei.

Here is the DDS log...

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lorelei Walker at 20:36:03.21 on 14/05/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.99 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Kathryn Sharkey.THOMAS-H63N1KI6\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/firefox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IE Privacy Keeper] "c:\program files\unh solutions\ie privacy keeper\IEPrivacyKeeper.exe" -startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120596427687
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://g:\resources\IntraLaunch.CAB
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\kathry~1.tho\applic~1\mozilla\firefox\profiles\sw3vmvw9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-19 243152]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-3 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2011-4-1 64000]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-12 136176]
S3 Avdieaacwch;Avdieaacwch;c:\windows\system32\drivers\rdpdr.sys [2006-1-27 196224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-12 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
.
=============== Created Last 30 ================
.
2011-05-13 23:20:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 23:19:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 21:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 01:56:12 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-07 01:56:12 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-07 01:56:12 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-07 01:56:11 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-07 01:56:11 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-07 01:56:10 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-07 01:56:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-07 01:56:09 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-01 02:28:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\fB31002DoMfE31002
2011-04-30 18:02:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-30 18:02:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 17:42:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\lH31002MdBlM31002
2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-15 01:26:35 -------- d-----w- c:\docume~1\kathry~1.tho\locals~1\applic~1\Trusteer
.
==================== Find3M ====================
.
2011-04-05 22:41:32 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2005-02-10 11:47:51 0 -csh--r- c:\program files\q330994.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380021A rev.3.19 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x833194F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8331f7d0]; MOV EAX, [0x8331f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8334AAB8]
3 CLASSPNP[0xF8695FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000065[0x83388F18]
5 ACPI[0xF85EC620] -> nt!IofCallDriver[0x804E37C5] -> [0x83385D98]
\Driver\atapi[0x83347328] -> IRP_MJ_CREATE -> 0x833194F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8331933B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:38:45.53 ===============

redcar92
2011-05-16, 02:38
Hello Lorelai and welcome.
I'm RedCar92 and my name is Bill, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
Read the entire procedure.
It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear.
Malware removal can be stressful but we will clean it.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

Stay with this topic until I give you the all clean post.

Lorelai
2011-05-16, 23:09
Thanks!

I appreciate any help you can give Bill...will await instructions from you.

redcar92
2011-05-17, 04:08
Greetings Lorelei,
It appears that you have a TDL3 rootkit, so please do the following first:

Please read carefully and follow these steps.

Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.

http://i1176.photobucket.com/albums/x337/redcar92/WTT/TDSSKiller/TDSSKiller1.png
If an infected file is detected, the default action will be Cure, click on Continue.

http://i1176.photobucket.com/albums/x337/redcar92/WTT/TDSSKiller/TDSSKiller2.png

If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i1176.photobucket.com/albums/x337/redcar92/WTT/TDSSKiller/TDSSKiller3.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file in your next post.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next post.



Logs to post:
TDSSKiller?????.txt

Lorelai
2011-05-18, 01:06
Ran TDSSKiller, it found something and cured it, then rebooted.

Here's the report...




2011/05/17 23:53:24.0962 3992 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 23:53:25.0292 3992 ================================================================================
2011/05/17 23:53:25.0292 3992 SystemInfo:
2011/05/17 23:53:25.0292 3992
2011/05/17 23:53:25.0292 3992 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/17 23:53:25.0292 3992 Product type: Workstation
2011/05/17 23:53:25.0292 3992 ComputerName: H63N1KI6
2011/05/17 23:53:25.0292 3992 UserName: Lorelai Walker
2011/05/17 23:53:25.0292 3992 Windows directory: C:\WINDOWS
2011/05/17 23:53:25.0292 3992 System windows directory: C:\WINDOWS
2011/05/17 23:53:25.0292 3992 Processor architecture: Intel x86
2011/05/17 23:53:25.0292 3992 Number of processors: 1
2011/05/17 23:53:25.0292 3992 Page size: 0x1000
2011/05/17 23:53:25.0292 3992 Boot type: Normal boot
2011/05/17 23:53:25.0292 3992 ================================================================================
2011/05/17 23:53:26.0564 3992 Initialize success
2011/05/17 23:53:32.0142 1380 ================================================================================
2011/05/17 23:53:32.0142 1380 Scan started
2011/05/17 23:53:32.0142 1380 Mode: Manual;
2011/05/17 23:53:32.0142 1380 ================================================================================
2011/05/17 23:54:07.0650 1380 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/17 23:54:07.0911 1380 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/17 23:54:08.0061 1380 WmBEnum (588c1df21321ec51eebff2c8909d1587) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/05/17 23:54:08.0221 1380 WmFilter (3b45b7bfd513d3313e895d187849e3a3) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/05/17 23:54:08.0451 1380 WmVirHid (fe7d6991fd5894f06aae95dc78e79948) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/05/17 23:54:08.0612 1380 WmXlCore (dcbb4688ee775912444b9010cd3fe9b6) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/05/17 23:54:08.0852 1380 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/17 23:54:09.0022 1380 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/17 23:54:09.0202 1380 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/17 23:54:09.0393 1380 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/17 23:54:09.0603 1380 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/17 23:54:09.0803 1380 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/17 23:54:09.0813 1380 ================================================================================
2011/05/17 23:54:09.0813 1380 Scan finished
2011/05/17 23:54:09.0813 1380 ================================================================================
2011/05/17 23:54:09.0853 1040 Detected object count: 1
2011/05/17 23:54:19.0256 1040 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/17 23:54:19.0256 1040 \HardDisk0 - ok
2011/05/17 23:54:19.0256 1040 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/17 23:54:52.0922 2668 Deinitialize success

redcar92
2011-05-18, 02:23
Greetings Lorelei,
TDSSkiller did a good job for us.:bigthumb:

***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***
Download Combofix from any of the links below. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


If you have AVG you will need to uninstall it. See this site for the removal tool. http://www.avg.com/us-en/download-tools Select the topmost listed tool.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://i1176.photobucket.com/albums/x337/redcar92/WTT/CF/CFRCNeeded.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i1176.photobucket.com/albums/x337/redcar92/WTT/CF/CF2.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Lorelai
2011-05-18, 06:04
Should I be switching my antiviruses etc. back on already? I'm not even sure if I was able to stop them all prior to running Combofix, but here's the log.

Thank-you :crowned:




((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Walker\Application Data\Xeywd
c:\documents and settings\Walker\Application Data\Xeywd\zaxes.odc
c:\documents and settings\Walker\Start Menu\Programs\System Tool
c:\documents and settings\Walker\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\documents and settings\Walker\WINDOWS
c:\program files\filesubmit
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-13 23:20 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 23:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 21:04 . 2011-05-13 21:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 01:56 . 2011-05-07 01:56 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 01:56 . 2011-05-07 01:56 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 01:56 . 2011-05-07 01:56 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 01:56 . 2011-05-07 01:56 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 01:56 . 2011-05-07 01:56 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 01:56 . 2011-05-07 01:56 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 01:56 . 2011-05-07 01:56 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-07 01:56 . 2011-05-07 01:56 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 13:42 . 2011-05-05 13:42 0 ----a-w- c:\documents and settings\Walker\ntuser.tmp
2011-05-01 02:28 . 2011-05-03 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\fB31002DoMfE31002
2011-04-30 18:02 . 2011-04-30 18:02 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 17:42 . 2011-04-30 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\lH31002MdBlM31002
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-22 21:54 . 2011-04-22 21:54 -------- d-----w- c:\documents and settings\Walker\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 22:41 . 2011-03-31 23:27 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2005-02-10 11:47 . 2004-11-10 14:30 0 -csh--r- c:\program files\q330994.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-07 01:56 . 2011-05-07 01:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Walker\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 00:11 625664 ----a-w- c:\windows\system32\catsrvut.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Connection Manager.lnk]
backup=c:\windows\pss\PC Connection Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^H63N1KI6^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-27 17:01 68096 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
2007-10-12 07:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [03/05/2011 02:19 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
R2 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [01/04/2011 14:20 64000]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 20:49 136176]
S3 Avdieaacwch;Avdieaacwch;c:\windows\system32\drivers\rdpdr.sys [27/01/2006 19:53 196224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 20:49 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [29/08/2002 13:00 14336]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 19:48]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 19:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/firefox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://g:\resources\IntraLaunch.CAB
FF - ProfilePath - c:\documents and settings\H63N1KI6\Application Data\Mozilla\Firefox\Profiles\sw3vmvw9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast,
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-ares ultra - c:\program files\Ares Ultra\Ares Ultra.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 04:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-1532298954-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F71501F-0A8F-B548-77D8-A869FAD7956B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacjlabliplkoada"=hex:6b,61,63,6d,66,6d,67,66,66,62,69,69,6d,6c,65,61,6b,6d,
6a,6e,6e,62,00,00
"jaiakdhnjhdicambgmhi"=hex:6b,61,63,6d,66,6d,67,66,66,62,69,69,6d,6c,65,61,6b,
6d,6a,6e,6e,62,00,00
"faiponchmedf"=hex:69,61,6f,6d,6a,6b,65,61,64,68,63,6c,64,6c,63,65,6b,63,00,00
.
Completion time: 2011-05-18 04:52:06
ComboFix-quarantined-files.txt 2011-05-18 03:51
ComboFix2.txt 2010-05-19 15:49
.
Pre-Run: 13,870,997,504 bytes free
Post-Run: 13,913,698,304 bytes free
.
- - End Of File - - D0BA14A172EDC7EE61B407DD267AB73A

redcar92
2011-05-20, 03:12
Greetings Lorelei,
You should switch Anti-virus off when running the Combofix program; after it completes you should switch it back on again for normal PC use. We will now use Combofix again, so turn AV off until the log is complete and Combofix completes.

Next

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:




File::
c:\program files\q330994.exe

Dirlook::
c:\docume~1\alluse~1\applic~1\fB31002DoMfE31002
c:\docume~1\alluse~1\applic~1\lH31002MdBlM31002


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

http://i1176.photobucket.com/albums/x337/redcar92/WTT/CF/CFscript.png

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Also let me know how your PC is behaving now.

Lorelai
2011-05-20, 05:37
I'm so happy to say that my computer's problems appear to be fixed. No pop ups, changes or blue screens :laugh: So far so good.

Combofix report below- I don't think it found anything, I wasn't asked to cure or restart etc.




* Created a new restore point
.
FILE ::
"c:\program files\q330994.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-18 18:16 . 2011-05-18 18:16 -------- d-----w- c:\documents and settings\Walker\Application Data\AVG10
2011-05-18 04:28 . 2011-05-18 04:28 -------- d-----w- c:\documents and settings\H63N1KI6\Application Data\AVG10
2011-05-18 04:07 . 2011-05-18 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-13 23:20 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 23:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 21:04 . 2011-05-13 21:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-07 01:56 . 2011-05-07 01:56 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 01:56 . 2011-05-07 01:56 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 01:56 . 2011-05-07 01:56 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 01:56 . 2011-05-07 01:56 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 01:56 . 2011-05-07 01:56 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 01:56 . 2011-05-07 01:56 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 01:56 . 2011-05-07 01:56 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-07 01:56 . 2011-05-07 01:56 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 13:42 . 2011-05-05 13:42 0 ----a-w- c:\documents and settings\ntuser.tmp
2011-05-01 02:28 . 2011-05-03 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\fB31002DoMfE31002
2011-04-30 18:02 . 2011-04-30 18:02 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 17:42 . 2011-04-30 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\lH31002MdBlM31002
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-22 21:54 . 2011-04-22 21:54 -------- d-----w- c:\documents and settings\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 22:41 . 2011-03-31 23:27 3398 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2005-02-10 11:47 . 2004-11-10 14:30 0 -csh--r- c:\program files\q330994.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-07 01:56 . 2011-05-07 01:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\alluse~1\applic~1\fB31002DoMfE31002 ----
.
2011-05-01 02:28 . 2011-05-02 01:21 192 ----a-w- c:\docume~1\alluse~1\applic~1\fB31002DoMfE31002\fB31002DoMfE31002
.
---- Directory of c:\docume~1\alluse~1\applic~1\lH31002MdBlM31002 ----
.
2011-04-30 17:42 . 2011-04-30 17:53 192 ----a-w- c:\docume~1\alluse~1\applic~1\lH31002MdBlM31002\lH31002MdBlM31002
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_03.47.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-05-20 03:00 . 2011-05-20 03:00 16384 c:\windows\TEMP\Perflib_Perfdata_600.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2011-05-18 04:14 . 2011-05-18 04:14 219648 c:\windows\Installer\28dbdc.msi
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2005-07-05 21:20 . 2011-04-29 10:29 42829768 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 00:11 625664 ----a-w- c:\windows\system32\catsrvut.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Connection Manager.lnk]
backup=c:\windows\pss\PC Connection Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^H63N1KI6^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-27 17:01 68096 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
2007-10-12 07:33 202016 -c--a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [03/05/2011 02:19 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
R2 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [01/04/2011 14:20 64000]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 20:49 136176]
S3 Avdieaacwch;Avdieaacwch;c:\windows\system32\drivers\rdpdr.sys [27/01/2006 19:53 196224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2010 20:49 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [29/08/2002 13:00 14336]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 19:48]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 19:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/firefox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://g:\resources\IntraLaunch.CAB
FF - ProfilePath - c:\documents and settings\H63N1KI6\Application Data\Mozilla\Firefox\Profiles\sw3vmvw9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-20 04:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-1532298954-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F71501F-0A8F-B548-77D8-A869FAD7956B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacjlabliplkoada"=hex:6b,61,63,6d,66,6d,67,66,66,62,69,69,6d,6c,65,61,6b,6d,
6a,6e,6e,62,00,00
"jaiakdhnjhdicambgmhi"=hex:6b,61,63,6d,66,6d,67,66,66,62,69,69,6d,6c,65,61,6b,
6d,6a,6e,6e,62,00,00
"faiponchmedf"=hex:69,61,6f,6d,6a,6b,65,61,64,68,63,6c,64,6c,63,65,6b,63,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-20 04:24:46
ComboFix-quarantined-files.txt 2011-05-20 03:24
ComboFix2.txt 2011-05-18 03:52
ComboFix3.txt 2010-05-19 15:49
.
Pre-Run: 13,882,036,224 bytes free
Post-Run: 13,856,366,592 bytes free
.
- - End Of File - - 2C595597631D506E574BA5C71D9EB446

:rockon:

redcar92
2011-05-21, 01:45
Greetings Lorelei,
I am glad to hear that your PC is acting better. :rockon: Before we finish up, we need to do a couple more things.

Please go to one of the below sites to scan the following files:
jotti.org (http://virusscan.jotti.org/)
Virus Total (http://www.virustotal.com)

Click on Browse, and upload the following files for analysis:

c:\docume~1\alluse~1\applic~1\fB31002DoMfE31002\fB31002DoMfE31002
c:\docume~1\alluse~1\applic~1\lH31002MdBlM31002\lH31002MdBlM31002


Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Lorelai
2011-05-21, 03:00
Hey,

Those sites found nothing :D:

Computer is still running well too- no recurrence of problems....

redcar92
2011-05-21, 03:36
Greetings Lorelei,
Excellent, I think we are on the downhill side now. :bigthumb: Make sure your Anti-Virus is active now.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished, it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.


Next
I see in your logs that you have Malwarebytes installed on your system.


Double click on MalwareBytes, mbam.exe to run it.
If Malwarebytes asks to update, click on Yes. If you are not asked,
click on the Update tab, then click on Check for updates.
After updates finish, click on the Scanner tab. Select Perform quick scan.
Click on Scan button.
When finished copy/paste the contents of mbam.txt into your next post please.


Next
Please use Internet Explorer to download and run the following scan: Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use
Click the Start button.
Now click the Install button.
Click Start. The scanner engine will initialize and update.
Do Not place a check mark in the box beside Remove found threats.
Click the Scan button. The scan will now run, please be patient.
When the scan finishes, if there are any infections, you will see a List of found threats.
Click Export to text file
Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
If no threats are found, there will be no list. This is good; just tell me that no threats were found.

Logs to post:


mbam.txt
results of ESET if infection found

Lorelai
2011-05-21, 22:33
I am the unluckiest person ever... I have another virus. Only a different one from before, it's a fake Windows XP Home Security one. Pops up in the corner of my screen every minute or so, has switched off my firewall, etc.

Spybot is the only antivirus I can get running- AVG and Malware Bytes won't start up.
Spybot is finding 30 odd Fraud.InternetSecurity2010 and 2011 entries.

This is so disheartening, how did I get this again?

redcar92
2011-05-22, 14:27
Greetings Lorelei, :eek:
I am not sure how. I realize that removing and reinstalling AVG between ComboFix runs is quite annoying, but with AV disabled or uninstalled, you should only go online to post here. You could install AVAST AV; it is easily disabled. You can find it here (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button) if you wish. If you use AVAST, make sure that you do not use AVG also; only one AV per system.

Next
You should still have DDS installed on your PC.
Double click dds.scr to run the tool.
When done, two DDS.txt's will open.
Save only DDS.txt to your desktop.
Please include the contents of the following in your reply using Copy / Paste:
DDS.txt

redcar92
2011-05-27, 23:45
Hello Lorelai, are you still here?

Lorelai
2011-05-28, 00:36
Hey,

I just got my computer back today - after I posted last time things just got worse and I couldn't get on the internet at all, or run any antivirus...or anything really.

I'm sure I could have done something to fix it, but to be honest I just ran out of patience. I just decided to pay an expert to take it away for a few days and fix it without me having to get annoyed with my own attempts. Totally worth it, my computer hasn't run this beautifully for 2 years or so.

I want to thank you for the time and effort you put into helping me, and I hope you keep up your efforts with people who are just more tech savvy than me. :thanks:

All the best,

Lorelai.

redcar92
2011-05-28, 00:41
Lorelei, thanks for the update. I know malware removal can be very stressful and frustrating. Best of luck to you.