
false virus scanner- probable rootkit

Discussion in 'Virus & Other Malware Removal' started by Ryuukaze, Dec 18, 2011.

Thread Status:
Not open for further replies.
  1. Ryuukaze

    Ryuukaze Thread Starter

    Joined:
    Dec 18, 2011
    Messages:
    11
    Hello, my name is Tom. Earlier this morning, while surfing the web via Firefox, a false virus scanner popped up with a security alert in the taskbar. It had somehow installed itself, possibly from Firefox or from my email. It said I do not currently have a firewall running and suggested installing one. I started Microsoft Security Essentials to find it. I disconnected my internet access to keep it from calling for help. Then the false scanner popped up showing a scan in progress (one of those that shows umpteen thousand viruses found).

    I found it and shut it down using Task Manager (wasn't smart enough to remember/make note of the program name). The program restarted, Firefox crashed, and I was unable to start Firefox, Internet Explorer or Google Chrome. No other programs crashed that I could see. Before Security Essentials completed ITS scan, the computer bugged out and I eventually had to reset it.

    Upon reset I found that no programs at all would run. I would only get something like the following error message:

    -The procedure entry point mswsock.migratewinsockconguration could not be found



    I searched for solutions on my iPod, but most required internet access to download Rkiller or HijackThis. After a bit of mucking about I realized I could open pictures. So I right-clicked a picture > Open with > Internet Explorer and managed to download Rkill.exe. When I ran it, it killed one process and I could launch .exe files once more. I found techguy, registered, and now would like help mopping up my mess if someone would be so kind.

    The computer remains sluggish (I finished typing most of this before it even showed up on screen) and has incredible difficulty booting.



    Thank you
     


  2. Ryuukaze

    Ryuukaze Thread Starter

    ----------------------

    Hijack this log:

    -----------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:24:28 AM, on 12/18/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\System32\ping.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 62.212.84.38 tracker.empornium.us62.212.84.38 download.empornium.us62.212.84.235 www.empornium.us forums.empornium.us empornium.us
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -b
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [P-Install] D:\Install\installerp1.exe e
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Steam] "E:\Programs\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinDrivxxx.exe] C:\WinDrivxxx.exe\WinDrivxxx.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     
  3. Ryuukaze

    Ryuukaze Thread Starter

    DDS (Ver_2011-08-26.01) - NTFSx86 DSREPAIR
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Tom Daigle at 11:24:37 on 2011-12-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.572 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\ping.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>;*.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Steam] "e:\programs\steam\steam.exe" -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WinDrivxxx.exe] c:\windrivxxx.exe\WinDrivxxx.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QveCtl2Tray] c:\program files\philips\sound agent 2\mc500cpl.exe
    mRun: [WTClient] WTClient.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [P-Install] d:\install\installerp1.exe e
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [WinDrivxxx.exe] c:\windrivxxx.exe\WinDrivxxx.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\finest~1.lnk - c:\windows\installer\{07b222f4-6640-433e-af02-007f5e2cdb9b}\MainIcon.ico
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8185 wireless lan utility\RtWLan.exe
    IE: Free YouTube Download - c:\documents and settings\tom daigle\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\tom daigle\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263522022747
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{261DC9A7-3D04-4395-8049-E425AF5048E7} : DhcpNameServer = 192.168.0.30 192.168.0.1
    TCP: Interfaces\{703E5B80-5D90-4D3F-B7B8-FC672CC13F55} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{C7CE0DA3-0FE8-4E49-9CDF-E7CC0B35B6C1} : DhcpNameServer = 192.168.0.30 192.168.0.1
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: Btmchk - {6DFAF370-0ED5-4D10-A0DC-9C4CEFB707BA} - c:\documents and settings\tom daigle\local settings\temp\adobe\AdobeRdrPlug.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 62.212.84.38 tracker.empornium.us62.212.84.38 download.empornium.us62.212.84.235 www.empornium.us forums.empornium.us empornium.us
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\tom daigle\application data\mozilla\firefox\profiles\14o2zbj5.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\documents and settings\tom daigle\application data\mozilla\firefox\profiles\14o2zbj5.default\extensions\[email protected]\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\tom daigle\application data\mozilla\firefox\profiles\14o2zbj5.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\programs\firefox4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Read It Later: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: SkipScreen: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: tektek.org GaiaOnline Toolbar 2.1: {0df7b3bb-9581-44bb-835f-061a29ec8a46} - %profile%\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
    FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-17 64512]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl887c3eaa;MpKsl887c3eaa;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\MpKsl887c3eaa.sys [2011-12-18 29904]
    R1 MpKsl99c162d1;MpKsl99c162d1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\MpKsl99c162d1.sys [2011-12-18 29904]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-10-1 38144]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-8 54760]
    R2 UacFlt;Philips Composite Class Filter Driver;c:\windows\system32\drivers\uacbflt.sys [2003-7-16 15104]
    R3 psa500;Sound Agent 2 for Audio Set (WDM);c:\windows\system32\drivers\psa500.sys [2010-1-16 414976]
    R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\drivers\QsndEnum.sys [2010-1-16 16256]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-1-14 1390976]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
    S1 MpKsl02066459;MpKsl02066459;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a538fe11-b274-4274-85b5-8602cb14d26c}\mpksl02066459.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a538fe11-b274-4274-85b5-8602cb14d26c}\MpKsl02066459.sys [?]
    S1 MpKsl079ff7ef;MpKsl079ff7ef;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl079ff7ef.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl079ff7ef.sys [?]
    S1 MpKsl080684f6;MpKsl080684f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{063d0995-a04b-4e26-886e-87e60ee6ded3}\mpksl080684f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{063d0995-a04b-4e26-886e-87e60ee6ded3}\MpKsl080684f6.sys [?]
    S1 MpKsl0d163b2e;MpKsl0d163b2e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\mpksl0d163b2e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\MpKsl0d163b2e.sys [?]
    S1 MpKsl1125ad8c;MpKsl1125ad8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl1125ad8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl1125ad8c.sys [?]
    S1 MpKsl1537001d;MpKsl1537001d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{378d270f-0ec6-4173-8479-fdc84a524045}\mpksl1537001d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{378d270f-0ec6-4173-8479-fdc84a524045}\MpKsl1537001d.sys [?]
    S1 MpKsl160fa233;MpKsl160fa233;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7c930b6-9e91-4073-8e99-6d886ac3eb39}\mpksl160fa233.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7c930b6-9e91-4073-8e99-6d886ac3eb39}\MpKsl160fa233.sys [?]
    S1 MpKsl17ea2e91;MpKsl17ea2e91;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\mpksl17ea2e91.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\MpKsl17ea2e91.sys [?]
    S1 MpKsl19bb6f32;MpKsl19bb6f32;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5162cf0c-7ceb-493e-a6bc-c720826d5333}\mpksl19bb6f32.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5162cf0c-7ceb-493e-a6bc-c720826d5333}\MpKsl19bb6f32.sys [?]
    S1 MpKsl1f520b51;MpKsl1f520b51;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e140276-f521-4ffc-944a-85ddbe8650bb}\mpksl1f520b51.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e140276-f521-4ffc-944a-85ddbe8650bb}\MpKsl1f520b51.sys [?]
    S1 MpKsl208ccf2b;MpKsl208ccf2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c30d9e0-2bd2-4e4d-ad47-1a45c527810e}\mpksl208ccf2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c30d9e0-2bd2-4e4d-ad47-1a45c527810e}\MpKsl208ccf2b.sys [?]
    S1 MpKsl22919809;MpKsl22919809;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9b997e2-efaa-46c6-b640-7bbbffa0eb72}\mpksl22919809.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9b997e2-efaa-46c6-b640-7bbbffa0eb72}\MpKsl22919809.sys [?]
    S1 MpKsl261032d1;MpKsl261032d1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820343b9-f22f-47aa-bd0c-839b1ac45446}\mpksl261032d1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820343b9-f22f-47aa-bd0c-839b1ac45446}\MpKsl261032d1.sys [?]
    S1 MpKsl286386b0;MpKsl286386b0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpksl286386b0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKsl286386b0.sys [?]
    S1 MpKsl2a3e0155;MpKsl2a3e0155;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpksl2a3e0155.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKsl2a3e0155.sys [?]
    S1 MpKsl2ad2e169;MpKsl2ad2e169;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpksl2ad2e169.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKsl2ad2e169.sys [?]
    S1 MpKsl2cb92887;MpKsl2cb92887;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec323388-0095-4ad0-bdaa-cd8f23013759}\mpksl2cb92887.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec323388-0095-4ad0-bdaa-cd8f23013759}\MpKsl2cb92887.sys [?]
    S1 MpKsl2cf64bcc;MpKsl2cf64bcc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl2cf64bcc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl2cf64bcc.sys [?]
    S1 MpKsl2cff8af8;MpKsl2cff8af8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c97f7ef1-b39c-4460-827d-efe73d34b8f8}\mpksl2cff8af8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c97f7ef1-b39c-4460-827d-efe73d34b8f8}\MpKsl2cff8af8.sys [?]
    S1 MpKsl2f6fb540;MpKsl2f6fb540;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f61e50f-1cd7-4a41-a00e-2fdcb1fd3894}\mpksl2f6fb540.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f61e50f-1cd7-4a41-a00e-2fdcb1fd3894}\MpKsl2f6fb540.sys [?]
    S1 MpKsl31c0f7ab;MpKsl31c0f7ab;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksl31c0f7ab.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsl31c0f7ab.sys [?]
    S1 MpKsl31ef50ce;MpKsl31ef50ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1e20fe5-3224-4960-95d7-474a8e07a0f1}\mpksl31ef50ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1e20fe5-3224-4960-95d7-474a8e07a0f1}\MpKsl31ef50ce.sys [?]
    S1 MpKsl33bd5282;MpKsl33bd5282;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d03c9530-3116-45aa-ae7e-25ed111ef419}\mpksl33bd5282.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d03c9530-3116-45aa-ae7e-25ed111ef419}\MpKsl33bd5282.sys [?]
    S1 MpKsl38e7fe98;MpKsl38e7fe98;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl38e7fe98.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl38e7fe98.sys [?]
    S1 MpKsl40c1ed45;MpKsl40c1ed45;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dcef9835-892e-47f9-b6b4-e74facb9c01c}\mpksl40c1ed45.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dcef9835-892e-47f9-b6b4-e74facb9c01c}\MpKsl40c1ed45.sys [?]
    S1 MpKsl41f20227;MpKsl41f20227;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df55624-bb03-47df-9263-22d26559f0a2}\mpksl41f20227.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df55624-bb03-47df-9263-22d26559f0a2}\MpKsl41f20227.sys [?]
    S1 MpKsl45aeb636;MpKsl45aeb636;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c97f7ef1-b39c-4460-827d-efe73d34b8f8}\mpksl45aeb636.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c97f7ef1-b39c-4460-827d-efe73d34b8f8}\MpKsl45aeb636.sys [?]
    S1 MpKsl47477c29;MpKsl47477c29;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8acda626-cac5-49c6-b37b-339b3ae0dd2a}\mpksl47477c29.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8acda626-cac5-49c6-b37b-339b3ae0dd2a}\MpKsl47477c29.sys [?]
    S1 MpKsl49b8e9b3;MpKsl49b8e9b3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\mpksl49b8e9b3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\MpKsl49b8e9b3.sys [?]
    S1 MpKsl49cdc09b;MpKsl49cdc09b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksl49cdc09b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsl49cdc09b.sys [?]
    S1 MpKsl4a0acef6;MpKsl4a0acef6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl4a0acef6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl4a0acef6.sys [?]
    S1 MpKsl4b1fa8e4;MpKsl4b1fa8e4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c30f494-d3e7-4050-a2d1-e2bf29653f55}\mpksl4b1fa8e4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c30f494-d3e7-4050-a2d1-e2bf29653f55}\MpKsl4b1fa8e4.sys [?]
    S1 MpKsl4b825923;MpKsl4b825923;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksl4b825923.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsl4b825923.sys [?]
    S1 MpKsl50cc7d85;MpKsl50cc7d85;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26833407-a58b-485d-8d27-2af8ff31ad4f}\mpksl50cc7d85.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26833407-a58b-485d-8d27-2af8ff31ad4f}\MpKsl50cc7d85.sys [?]
    S1 MpKsl52b41502;MpKsl52b41502;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c627d0a-a7a7-4ec4-8638-6a26cad1913b}\mpksl52b41502.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c627d0a-a7a7-4ec4-8638-6a26cad1913b}\MpKsl52b41502.sys [?]
    S1 MpKsl535556f6;MpKsl535556f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl535556f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl535556f6.sys [?]
    S1 MpKsl54d346a1;MpKsl54d346a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71a30bc2-590f-4240-b83f-fbd9ac9ac18b}\mpksl54d346a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71a30bc2-590f-4240-b83f-fbd9ac9ac18b}\MpKsl54d346a1.sys [?]
    S1 MpKsl5ae2aefd;MpKsl5ae2aefd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpksl5ae2aefd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKsl5ae2aefd.sys [?]
    S1 MpKsl5af027a4;MpKsl5af027a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a538fe11-b274-4274-85b5-8602cb14d26c}\mpksl5af027a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a538fe11-b274-4274-85b5-8602cb14d26c}\MpKsl5af027a4.sys [?]
    S1 MpKsl5c7e3a46;MpKsl5c7e3a46;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c99c58f-4db9-4f21-81e2-d7f0e652216f}\mpksl5c7e3a46.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c99c58f-4db9-4f21-81e2-d7f0e652216f}\MpKsl5c7e3a46.sys [?]
    S1 MpKsl6119ad5c;MpKsl6119ad5c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0be688db-88bd-4650-8a29-3321185b0b87}\mpksl6119ad5c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0be688db-88bd-4650-8a29-3321185b0b87}\MpKsl6119ad5c.sys [?]
    S1 MpKsl64e028cc;MpKsl64e028cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26833407-a58b-485d-8d27-2af8ff31ad4f}\mpksl64e028cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26833407-a58b-485d-8d27-2af8ff31ad4f}\MpKsl64e028cc.sys [?]
    S1 MpKsl6548a3ab;MpKsl6548a3ab;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl6548a3ab.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl6548a3ab.sys [?]
    S1 MpKsl67cc8f84;MpKsl67cc8f84;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df6e819f-d471-41ad-816a-8e3272012c8c}\mpksl67cc8f84.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df6e819f-d471-41ad-816a-8e3272012c8c}\MpKsl67cc8f84.sys [?]
    S1 MpKsl7025a4f8;MpKsl7025a4f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90bfd792-9bbb-429b-b7bc-caa8119314c2}\mpksl7025a4f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90bfd792-9bbb-429b-b7bc-caa8119314c2}\MpKsl7025a4f8.sys [?]
    S1 MpKsl70318e2b;MpKsl70318e2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\mpksl70318e2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\MpKsl70318e2b.sys [?]
    S1 MpKsl7083ed96;MpKsl7083ed96;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75286f47-2e11-468a-86be-da03ff9189a8}\mpksl7083ed96.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75286f47-2e11-468a-86be-da03ff9189a8}\MpKsl7083ed96.sys [?]
    S1 MpKsl732dc8e0;MpKsl732dc8e0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e7e5f55-2861-4ba6-b65f-18d4944b2df3}\mpksl732dc8e0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e7e5f55-2861-4ba6-b65f-18d4944b2df3}\MpKsl732dc8e0.sys [?]
    S1 MpKsl768c7bda;MpKsl768c7bda;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl768c7bda.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl768c7bda.sys [?]
    S1 MpKsl77787d3f;MpKsl77787d3f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1990712-a156-4b6f-ad03-41861775a5d1}\mpksl77787d3f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1990712-a156-4b6f-ad03-41861775a5d1}\MpKsl77787d3f.sys [?]
    S1 MpKsl78cc6871;MpKsl78cc6871;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84ed5ba1-e004-4698-82e6-0acbd447d267}\mpksl78cc6871.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84ed5ba1-e004-4698-82e6-0acbd447d267}\MpKsl78cc6871.sys [?]
    S1 MpKsl79c75460;MpKsl79c75460;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{378d270f-0ec6-4173-8479-fdc84a524045}\mpksl79c75460.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{378d270f-0ec6-4173-8479-fdc84a524045}\MpKsl79c75460.sys [?]
    S1 MpKsl79e45fa2;MpKsl79e45fa2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpksl79e45fa2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKsl79e45fa2.sys [?]
    S1 MpKsl7a90b488;MpKsl7a90b488;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7b3381f-e440-41e6-918e-d33bb5e6ec30}\mpksl7a90b488.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7b3381f-e440-41e6-918e-d33bb5e6ec30}\MpKsl7a90b488.sys [?]
    S1 MpKsl7d4b3e1f;MpKsl7d4b3e1f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ea3defba-6667-4ea3-9dcc-a6a6b8ff090a}\mpksl7d4b3e1f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ea3defba-6667-4ea3-9dcc-a6a6b8ff090a}\MpKsl7d4b3e1f.sys [?]
    S1 MpKsl7fe68586;MpKsl7fe68586;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{051d3654-cf7e-4b18-9541-791490debe58}\mpksl7fe68586.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{051d3654-cf7e-4b18-9541-791490debe58}\MpKsl7fe68586.sys [?]
    S1 MpKsl82c78bea;MpKsl82c78bea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpksl82c78bea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKsl82c78bea.sys [?]
    S1 MpKsl8448aac1;MpKsl8448aac1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7f18f56-93f0-4383-ae36-27551fba3821}\mpksl8448aac1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7f18f56-93f0-4383-ae36-27551fba3821}\MpKsl8448aac1.sys [?]
    S1 MpKsl84b23d81;MpKsl84b23d81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec3eeec9-ea37-4e07-9953-5e846c8f4ea3}\mpksl84b23d81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec3eeec9-ea37-4e07-9953-5e846c8f4ea3}\MpKsl84b23d81.sys [?]
    S1 MpKsl85bca496;MpKsl85bca496;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\mpksl85bca496.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\MpKsl85bca496.sys [?]
    S1 MpKsl86e1d016;MpKsl86e1d016;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aea3f982-5efe-42cc-a03e-af5eddc7e6e1}\mpksl86e1d016.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aea3f982-5efe-42cc-a03e-af5eddc7e6e1}\MpKsl86e1d016.sys [?]
    S1 MpKsl8768a01b;MpKsl8768a01b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0188886c-ac60-43b2-9902-a071e236127d}\mpksl8768a01b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0188886c-ac60-43b2-9902-a071e236127d}\MpKsl8768a01b.sys [?]
    S1 MpKsl882d20e7;MpKsl882d20e7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d03c9530-3116-45aa-ae7e-25ed111ef419}\mpksl882d20e7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d03c9530-3116-45aa-ae7e-25ed111ef419}\MpKsl882d20e7.sys [?]
    S1 MpKsl8978c8ff;MpKsl8978c8ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27aeb38f-885d-4a3d-b724-89f568c7925a}\mpksl8978c8ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27aeb38f-885d-4a3d-b724-89f568c7925a}\MpKsl8978c8ff.sys [?]
    S1 MpKsl8c3f1bbe;MpKsl8c3f1bbe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abc1b274-4eea-40ee-aa1d-ed12ab730d21}\mpksl8c3f1bbe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abc1b274-4eea-40ee-aa1d-ed12ab730d21}\MpKsl8c3f1bbe.sys [?]
    S1 MpKsl90b627f9;MpKsl90b627f9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5224ae27-05ec-4830-8166-bd2f313343a8}\mpksl90b627f9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5224ae27-05ec-4830-8166-bd2f313343a8}\MpKsl90b627f9.sys [?]
    S1 MpKsl90e8f9f7;MpKsl90e8f9f7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7c930b6-9e91-4073-8e99-6d886ac3eb39}\mpksl90e8f9f7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7c930b6-9e91-4073-8e99-6d886ac3eb39}\MpKsl90e8f9f7.sys [?]
    S1 MpKsl92c15e5d;MpKsl92c15e5d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72b99243-ce89-440f-ae8e-f75f628a9ec6}\mpksl92c15e5d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72b99243-ce89-440f-ae8e-f75f628a9ec6}\MpKsl92c15e5d.sys [?]
    S1 MpKsl9544b421;MpKsl9544b421;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksl9544b421.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsl9544b421.sys [?]
    S1 MpKsl9991fd1d;MpKsl9991fd1d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl9991fd1d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl9991fd1d.sys [?]
    S1 MpKsl9b7d7549;MpKsl9b7d7549;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f72fe5b-7ff9-4d01-abca-c55d4c13f28f}\mpksl9b7d7549.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f72fe5b-7ff9-4d01-abca-c55d4c13f28f}\MpKsl9b7d7549.sys [?]
    S1 MpKsl9bdefa49;MpKsl9bdefa49;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa1ac50e-5eb5-4f32-9242-42512d722391}\mpksl9bdefa49.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa1ac50e-5eb5-4f32-9242-42512d722391}\MpKsl9bdefa49.sys [?]
    S1 MpKsl9cc347cf;MpKsl9cc347cf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dca8e859-376a-435e-a2a9-6ed5ff89d4fd}\mpksl9cc347cf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dca8e859-376a-435e-a2a9-6ed5ff89d4fd}\MpKsl9cc347cf.sys [?]
    S1 MpKsl9fa260f5;MpKsl9fa260f5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl9fa260f5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl9fa260f5.sys [?]
    S1 MpKsla4b8dc0c;MpKsla4b8dc0c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksla4b8dc0c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsla4b8dc0c.sys [?]
    S1 MpKsla7348050;MpKsla7348050;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f72fe5b-7ff9-4d01-abca-c55d4c13f28f}\mpksla7348050.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f72fe5b-7ff9-4d01-abca-c55d4c13f28f}\MpKsla7348050.sys [?]
    S1 MpKsla7e411f6;MpKsla7e411f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df538801-4803-46fb-a244-b8903112fe15}\mpksla7e411f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df538801-4803-46fb-a244-b8903112fe15}\MpKsla7e411f6.sys [?]
    S1 MpKslb0ab3566;MpKslb0ab3566;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\mpkslb0ab3566.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\MpKslb0ab3566.sys [?]
    S1 MpKslb1281781;MpKslb1281781;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpkslb1281781.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKslb1281781.sys [?]
    S1 MpKslb355e44e;MpKslb355e44e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\mpkslb355e44e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\MpKslb355e44e.sys [?]
    S1 MpKslb81f84c2;MpKslb81f84c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpkslb81f84c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKslb81f84c2.sys [?]
    S1 MpKslb95397a7;MpKslb95397a7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3980db14-2258-4c99-97ab-f0d6087bf5a9}\mpkslb95397a7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3980db14-2258-4c99-97ab-f0d6087bf5a9}\MpKslb95397a7.sys [?]
    S1 MpKslb9c795e4;MpKslb9c795e4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\mpkslb9c795e4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\MpKslb9c795e4.sys [?]
    S1 MpKslbde55635;MpKslbde55635;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7b3381f-e440-41e6-918e-d33bb5e6ec30}\mpkslbde55635.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7b3381f-e440-41e6-918e-d33bb5e6ec30}\MpKslbde55635.sys [?]
    S1 MpKslbf6f8607;MpKslbf6f8607;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dcef9835-892e-47f9-b6b4-e74facb9c01c}\mpkslbf6f8607.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dcef9835-892e-47f9-b6b4-e74facb9c01c}\MpKslbf6f8607.sys [?]
    S1 MpKslc005bd54;MpKslc005bd54;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpkslc005bd54.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKslc005bd54.sys [?]
    S1 MpKslc0b7e180;MpKslc0b7e180;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd1d732a-8960-4803-9398-d5741a9476ee}\mpkslc0b7e180.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd1d732a-8960-4803-9398-d5741a9476ee}\MpKslc0b7e180.sys [?]
    S1 MpKslc2d7f383;MpKslc2d7f383;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpkslc2d7f383.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKslc2d7f383.sys [?]
    S1 MpKslc2dc6cfd;MpKslc2dc6cfd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df8f124a-328f-4d37-ba2a-ef364f053703}\mpkslc2dc6cfd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df8f124a-328f-4d37-ba2a-ef364f053703}\MpKslc2dc6cfd.sys [?]
    S1 MpKslc6596daa;MpKslc6596daa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1e01110-0ff9-4b67-9086-4f25800bb87c}\mpkslc6596daa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1e01110-0ff9-4b67-9086-4f25800bb87c}\MpKslc6596daa.sys [?]
    S1 MpKslc695764b;MpKslc695764b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\mpkslc695764b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\MpKslc695764b.sys [?]
    S1 MpKslc7906ecd;MpKslc7906ecd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f08b84a8-998e-45dc-ad7c-d072cf51791b}\mpkslc7906ecd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f08b84a8-998e-45dc-ad7c-d072cf51791b}\MpKslc7906ecd.sys [?]
    S1 MpKslca1df19b;MpKslca1df19b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpkslca1df19b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKslca1df19b.sys [?]
    S1 MpKslcb48b3c3;MpKslcb48b3c3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c627d0a-a7a7-4ec4-8638-6a26cad1913b}\mpkslcb48b3c3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c627d0a-a7a7-4ec4-8638-6a26cad1913b}\MpKslcb48b3c3.sys [?]
    S1 MpKslcba153a8;MpKslcba153a8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{46059d0d-bc3c-4612-b7e2-d4678679bf06}\mpkslcba153a8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{46059d0d-bc3c-4612-b7e2-d4678679bf06}\MpKslcba153a8.sys [?]
    S1 MpKslcf3e8bb7;MpKslcf3e8bb7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27aeb38f-885d-4a3d-b724-89f568c7925a}\mpkslcf3e8bb7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27aeb38f-885d-4a3d-b724-89f568c7925a}\MpKslcf3e8bb7.sys [?]
    S1 MpKsld25bf520;MpKsld25bf520;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c223de1-9632-4e3b-89a5-06948ffbb19b}\mpksld25bf520.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c223de1-9632-4e3b-89a5-06948ffbb19b}\MpKsld25bf520.sys [?]
    S1 MpKsld5c0fda7;MpKsld5c0fda7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\mpksld5c0fda7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\MpKsld5c0fda7.sys [?]
    S1 MpKsld5d71b64;MpKsld5d71b64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5092328-600d-4d8a-b65a-93664d9167e0}\mpksld5d71b64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5092328-600d-4d8a-b65a-93664d9167e0}\MpKsld5d71b64.sys [?]
    S1 MpKsldeb97eb5;MpKsldeb97eb5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e140276-f521-4ffc-944a-85ddbe8650bb}\mpksldeb97eb5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e140276-f521-4ffc-944a-85ddbe8650bb}\MpKsldeb97eb5.sys [?]
    S1 MpKsle8bae06d;MpKsle8bae06d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c99c58f-4db9-4f21-81e2-d7f0e652216f}\mpksle8bae06d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c99c58f-4db9-4f21-81e2-d7f0e652216f}\MpKsle8bae06d.sys [?]
    S1 MpKslf3edb6ff;MpKslf3edb6ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bff0155e-9692-45e1-80f9-6e05ae582121}\mpkslf3edb6ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bff0155e-9692-45e1-80f9-6e05ae582121}\MpKslf3edb6ff.sys [?]
    S1 MpKslf4c13f00;MpKslf4c13f00;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\mpkslf4c13f00.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\MpKslf4c13f00.sys [?]
    S1 MpKslf59b743e;MpKslf59b743e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8acda626-cac5-49c6-b37b-339b3ae0dd2a}\mpkslf59b743e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8acda626-cac5-49c6-b37b-339b3ae0dd2a}\MpKslf59b743e.sys [?]
    S1 MpKslf77e9dc5;MpKslf77e9dc5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f61e50f-1cd7-4a41-a00e-2fdcb1fd3894}\mpkslf77e9dc5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f61e50f-1cd7-4a41-a00e-2fdcb1fd3894}\MpKslf77e9dc5.sys [?]
    S1 MpKslfcbbeb9d;MpKslfcbbeb9d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7151093-beef-441b-8684-17175aeeb21c}\mpkslfcbbeb9d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7151093-beef-441b-8684-17175aeeb21c}\MpKslfcbbeb9d.sys [?]
    S1 MpKslff9814ee;MpKslff9814ee;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21e79a59-f5f6-44cb-ad94-5647a0e231b7}\mpkslff9814ee.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21e79a59-f5f6-44cb-ad94-5647a0e231b7}\MpKslff9814ee.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-10-11 252416]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-10-11 398720]
    .
    =============== Created Last 30 ================
    .
    2011-12-18 18:14:05 388096 ----a-r- c:\documents and settings\tom daigle\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-18 18:13:49 -------- d-----w- c:\program files\Trend Micro
    2011-12-18 17:20:33 -------- dc----w- C:\cmdcons
    2011-12-18 17:16:53 98816 ----a-w- c:\windows\sed.exe
    2011-12-18 17:16:53 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-18 17:16:53 256000 ----a-w- c:\windows\PEV.exe
    2011-12-18 17:16:53 208896 ----a-w- c:\windows\MBR.exe
    2011-12-18 17:16:27 -------- dcs---w- C:\ComboFix
    2011-12-18 14:27:27 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\MpKsl887c3eaa.sys
    2011-12-18 13:34:28 428032 ----a-w- c:\documents and settings\tom daigle\application data\R32tp.exe
    2011-12-18 13:34:00 364032 ----a-w- c:\documents and settings\tom daigle\local settings\application data\mor.exe
    2011-12-18 08:33:47 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\MpKsl99c162d1.sys
    2011-12-18 08:33:17 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\offreg.dll
    2011-12-18 08:33:10 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-12-17 09:42:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-09 16:24:48 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-09-28 15:04:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 11:28:33.50 ===============

    ---------
    dds------
    ---------

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 DSREPAIR
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Tom Daigle at 11:24:37 on 2011-12-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.572 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\ping.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>;*.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Steam] "e:\programs\steam\steam.exe" -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WinDrivxxx.exe] c:\windrivxxx.exe\WinDrivxxx.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QveCtl2Tray] c:\program files\philips\sound agent 2\mc500cpl.exe
    mRun: [WTClient] WTClient.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [P-Install] d:\install\installerp1.exe e
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [WinDrivxxx.exe] c:\windrivxxx.exe\WinDrivxxx.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\finest~1.lnk - c:\windows\installer\{07b222f4-6640-433e-af02-007f5e2cdb9b}\MainIcon.ico
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8185 wireless lan utility\RtWLan.exe
    IE: Free YouTube Download - c:\documents and settings\tom daigle\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\tom daigle\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263522022747
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{261DC9A7-3D04-4395-8049-E425AF5048E7} : DhcpNameServer = 192.168.0.30 192.168.0.1
    TCP: Interfaces\{703E5B80-5D90-4D3F-B7B8-FC672CC13F55} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{C7CE0DA3-0FE8-4E49-9CDF-E7CC0B35B6C1} : DhcpNameServer = 192.168.0.30 192.168.0.1
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: Btmchk - {6DFAF370-0ED5-4D10-A0DC-9C4CEFB707BA} - c:\documents and settings\tom daigle\local settings\temp\adobe\AdobeRdrPlug.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 62.212.84.38 tracker.empornium.us62.212.84.38 download.empornium.us62.212.84.235 www.empornium.us forums.empornium.us empornium.us
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\tom daigle\application data\mozilla\firefox\profiles\14o2zbj5.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\documents and settings\tom daigle\application data\mozilla\firefox\profiles\14o2zbj5.default\extensions\[email protected]\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\tom daigle\application data\mozilla\firefox\profiles\14o2zbj5.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\programs\firefox4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Read It Later: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: SkipScreen: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: tektek.org GaiaOnline Toolbar 2.1: {0df7b3bb-9581-44bb-835f-061a29ec8a46} - %profile%\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
    FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-17 64512]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl887c3eaa;MpKsl887c3eaa;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\MpKsl887c3eaa.sys [2011-12-18 29904]
    R1 MpKsl99c162d1;MpKsl99c162d1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\MpKsl99c162d1.sys [2011-12-18 29904]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-10-1 38144]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-8 54760]
    R2 UacFlt;Philips Composite Class Filter Driver;c:\windows\system32\drivers\uacbflt.sys [2003-7-16 15104]
    R3 psa500;Sound Agent 2 for Audio Set (WDM);c:\windows\system32\drivers\psa500.sys [2010-1-16 414976]
    R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\drivers\QsndEnum.sys [2010-1-16 16256]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-1-14 1390976]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
    S1 MpKsl02066459;MpKsl02066459;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a538fe11-b274-4274-85b5-8602cb14d26c}\mpksl02066459.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a538fe11-b274-4274-85b5-8602cb14d26c}\MpKsl02066459.sys [?]
    S1 MpKsl079ff7ef;MpKsl079ff7ef;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl079ff7ef.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl079ff7ef.sys [?]
    S1 MpKsl080684f6;MpKsl080684f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{063d0995-a04b-4e26-886e-87e60ee6ded3}\mpksl080684f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{063d0995-a04b-4e26-886e-87e60ee6ded3}\MpKsl080684f6.sys [?]
    S1 MpKsl0d163b2e;MpKsl0d163b2e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\mpksl0d163b2e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\MpKsl0d163b2e.sys [?]
    S1 MpKsl1125ad8c;MpKsl1125ad8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl1125ad8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl1125ad8c.sys [?]
    S1 MpKsl1537001d;MpKsl1537001d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{378d270f-0ec6-4173-8479-fdc84a524045}\mpksl1537001d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{378d270f-0ec6-4173-8479-fdc84a524045}\MpKsl1537001d.sys [?]
    S1 MpKsl160fa233;MpKsl160fa233;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7c930b6-9e91-4073-8e99-6d886ac3eb39}\mpksl160fa233.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7c930b6-9e91-4073-8e99-6d886ac3eb39}\MpKsl160fa233.sys [?]
    S1 MpKsl17ea2e91;MpKsl17ea2e91;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\mpksl17ea2e91.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\MpKsl17ea2e91.sys [?]
    S1 MpKsl19bb6f32;MpKsl19bb6f32;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5162cf0c-7ceb-493e-a6bc-c720826d5333}\mpksl19bb6f32.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5162cf0c-7ceb-493e-a6bc-c720826d5333}\MpKsl19bb6f32.sys [?]
    S1 MpKsl1f520b51;MpKsl1f520b51;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e140276-f521-4ffc-944a-85ddbe8650bb}\mpksl1f520b51.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e140276-f521-4ffc-944a-85ddbe8650bb}\MpKsl1f520b51.sys [?]
    S1 MpKsl208ccf2b;MpKsl208ccf2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c30d9e0-2bd2-4e4d-ad47-1a45c527810e}\mpksl208ccf2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c30d9e0-2bd2-4e4d-ad47-1a45c527810e}\MpKsl208ccf2b.sys [?]
    S1 MpKsl22919809;MpKsl22919809;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9b997e2-efaa-46c6-b640-7bbbffa0eb72}\mpksl22919809.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9b997e2-efaa-46c6-b640-7bbbffa0eb72}\MpKsl22919809.sys [?]
    S1 MpKsl261032d1;MpKsl261032d1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820343b9-f22f-47aa-bd0c-839b1ac45446}\mpksl261032d1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{820343b9-f22f-47aa-bd0c-839b1ac45446}\MpKsl261032d1.sys [?]
    S1 MpKsl286386b0;MpKsl286386b0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpksl286386b0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKsl286386b0.sys [?]
    S1 MpKsl2a3e0155;MpKsl2a3e0155;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpksl2a3e0155.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKsl2a3e0155.sys [?]
    S1 MpKsl2ad2e169;MpKsl2ad2e169;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpksl2ad2e169.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKsl2ad2e169.sys [?]
    S1 MpKsl2cb92887;MpKsl2cb92887;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec323388-0095-4ad0-bdaa-cd8f23013759}\mpksl2cb92887.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec323388-0095-4ad0-bdaa-cd8f23013759}\MpKsl2cb92887.sys [?]
    S1 MpKsl2cf64bcc;MpKsl2cf64bcc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl2cf64bcc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl2cf64bcc.sys [?]
    S1 MpKsl2cff8af8;MpKsl2cff8af8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c97f7ef1-b39c-4460-827d-efe73d34b8f8}\mpksl2cff8af8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c97f7ef1-b39c-4460-827d-efe73d34b8f8}\MpKsl2cff8af8.sys [?]
    S1 MpKsl2f6fb540;MpKsl2f6fb540;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f61e50f-1cd7-4a41-a00e-2fdcb1fd3894}\mpksl2f6fb540.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f61e50f-1cd7-4a41-a00e-2fdcb1fd3894}\MpKsl2f6fb540.sys [?]
    S1 MpKsl31c0f7ab;MpKsl31c0f7ab;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksl31c0f7ab.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsl31c0f7ab.sys [?]
    S1 MpKsl31ef50ce;MpKsl31ef50ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1e20fe5-3224-4960-95d7-474a8e07a0f1}\mpksl31ef50ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1e20fe5-3224-4960-95d7-474a8e07a0f1}\MpKsl31ef50ce.sys [?]
    S1 MpKsl33bd5282;MpKsl33bd5282;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d03c9530-3116-45aa-ae7e-25ed111ef419}\mpksl33bd5282.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d03c9530-3116-45aa-ae7e-25ed111ef419}\MpKsl33bd5282.sys [?]
    S1 MpKsl38e7fe98;MpKsl38e7fe98;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl38e7fe98.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl38e7fe98.sys [?]
    S1 MpKsl40c1ed45;MpKsl40c1ed45;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dcef9835-892e-47f9-b6b4-e74facb9c01c}\mpksl40c1ed45.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dcef9835-892e-47f9-b6b4-e74facb9c01c}\MpKsl40c1ed45.sys [?]
    S1 MpKsl41f20227;MpKsl41f20227;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df55624-bb03-47df-9263-22d26559f0a2}\mpksl41f20227.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df55624-bb03-47df-9263-22d26559f0a2}\MpKsl41f20227.sys [?]
    S1 MpKsl45aeb636;MpKsl45aeb636;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c97f7ef1-b39c-4460-827d-efe73d34b8f8}\mpksl45aeb636.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c97f7ef1-b39c-4460-827d-efe73d34b8f8}\MpKsl45aeb636.sys [?]
    S1 MpKsl47477c29;MpKsl47477c29;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8acda626-cac5-49c6-b37b-339b3ae0dd2a}\mpksl47477c29.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8acda626-cac5-49c6-b37b-339b3ae0dd2a}\MpKsl47477c29.sys [?]
    S1 MpKsl49b8e9b3;MpKsl49b8e9b3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\mpksl49b8e9b3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\MpKsl49b8e9b3.sys [?]
    S1 MpKsl49cdc09b;MpKsl49cdc09b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksl49cdc09b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsl49cdc09b.sys [?]
    S1 MpKsl4a0acef6;MpKsl4a0acef6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl4a0acef6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl4a0acef6.sys [?]
    S1 MpKsl4b1fa8e4;MpKsl4b1fa8e4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c30f494-d3e7-4050-a2d1-e2bf29653f55}\mpksl4b1fa8e4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c30f494-d3e7-4050-a2d1-e2bf29653f55}\MpKsl4b1fa8e4.sys [?]
    S1 MpKsl4b825923;MpKsl4b825923;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksl4b825923.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsl4b825923.sys [?]
    S1 MpKsl50cc7d85;MpKsl50cc7d85;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26833407-a58b-485d-8d27-2af8ff31ad4f}\mpksl50cc7d85.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26833407-a58b-485d-8d27-2af8ff31ad4f}\MpKsl50cc7d85.sys [?]
    S1 MpKsl52b41502;MpKsl52b41502;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c627d0a-a7a7-4ec4-8638-6a26cad1913b}\mpksl52b41502.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c627d0a-a7a7-4ec4-8638-6a26cad1913b}\MpKsl52b41502.sys [?]
    S1 MpKsl535556f6;MpKsl535556f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl535556f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl535556f6.sys [?]
    S1 MpKsl54d346a1;MpKsl54d346a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71a30bc2-590f-4240-b83f-fbd9ac9ac18b}\mpksl54d346a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71a30bc2-590f-4240-b83f-fbd9ac9ac18b}\MpKsl54d346a1.sys [?]
    S1 MpKsl5ae2aefd;MpKsl5ae2aefd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpksl5ae2aefd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKsl5ae2aefd.sys [?]
    S1 MpKsl5af027a4;MpKsl5af027a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a538fe11-b274-4274-85b5-8602cb14d26c}\mpksl5af027a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a538fe11-b274-4274-85b5-8602cb14d26c}\MpKsl5af027a4.sys [?]
    S1 MpKsl5c7e3a46;MpKsl5c7e3a46;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c99c58f-4db9-4f21-81e2-d7f0e652216f}\mpksl5c7e3a46.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c99c58f-4db9-4f21-81e2-d7f0e652216f}\MpKsl5c7e3a46.sys [?]
    S1 MpKsl6119ad5c;MpKsl6119ad5c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0be688db-88bd-4650-8a29-3321185b0b87}\mpksl6119ad5c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0be688db-88bd-4650-8a29-3321185b0b87}\MpKsl6119ad5c.sys [?]
    S1 MpKsl64e028cc;MpKsl64e028cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26833407-a58b-485d-8d27-2af8ff31ad4f}\mpksl64e028cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26833407-a58b-485d-8d27-2af8ff31ad4f}\MpKsl64e028cc.sys [?]
    S1 MpKsl6548a3ab;MpKsl6548a3ab;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl6548a3ab.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl6548a3ab.sys [?]
    S1 MpKsl67cc8f84;MpKsl67cc8f84;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df6e819f-d471-41ad-816a-8e3272012c8c}\mpksl67cc8f84.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df6e819f-d471-41ad-816a-8e3272012c8c}\MpKsl67cc8f84.sys [?]
    S1 MpKsl7025a4f8;MpKsl7025a4f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90bfd792-9bbb-429b-b7bc-caa8119314c2}\mpksl7025a4f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90bfd792-9bbb-429b-b7bc-caa8119314c2}\MpKsl7025a4f8.sys [?]
    S1 MpKsl70318e2b;MpKsl70318e2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\mpksl70318e2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\MpKsl70318e2b.sys [?]
    S1 MpKsl7083ed96;MpKsl7083ed96;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75286f47-2e11-468a-86be-da03ff9189a8}\mpksl7083ed96.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75286f47-2e11-468a-86be-da03ff9189a8}\MpKsl7083ed96.sys [?]
    S1 MpKsl732dc8e0;MpKsl732dc8e0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e7e5f55-2861-4ba6-b65f-18d4944b2df3}\mpksl732dc8e0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e7e5f55-2861-4ba6-b65f-18d4944b2df3}\MpKsl732dc8e0.sys [?]
    S1 MpKsl768c7bda;MpKsl768c7bda;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\mpksl768c7bda.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5923216-f4ec-4938-a883-bb5e6e7e06fe}\MpKsl768c7bda.sys [?]
    S1 MpKsl77787d3f;MpKsl77787d3f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1990712-a156-4b6f-ad03-41861775a5d1}\mpksl77787d3f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1990712-a156-4b6f-ad03-41861775a5d1}\MpKsl77787d3f.sys [?]
    S1 MpKsl78cc6871;MpKsl78cc6871;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84ed5ba1-e004-4698-82e6-0acbd447d267}\mpksl78cc6871.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84ed5ba1-e004-4698-82e6-0acbd447d267}\MpKsl78cc6871.sys [?]
    S1 MpKsl79c75460;MpKsl79c75460;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{378d270f-0ec6-4173-8479-fdc84a524045}\mpksl79c75460.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{378d270f-0ec6-4173-8479-fdc84a524045}\MpKsl79c75460.sys [?]
    S1 MpKsl79e45fa2;MpKsl79e45fa2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpksl79e45fa2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKsl79e45fa2.sys [?]
    S1 MpKsl7a90b488;MpKsl7a90b488;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7b3381f-e440-41e6-918e-d33bb5e6ec30}\mpksl7a90b488.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7b3381f-e440-41e6-918e-d33bb5e6ec30}\MpKsl7a90b488.sys [?]
    S1 MpKsl7d4b3e1f;MpKsl7d4b3e1f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ea3defba-6667-4ea3-9dcc-a6a6b8ff090a}\mpksl7d4b3e1f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ea3defba-6667-4ea3-9dcc-a6a6b8ff090a}\MpKsl7d4b3e1f.sys [?]
    S1 MpKsl7fe68586;MpKsl7fe68586;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{051d3654-cf7e-4b18-9541-791490debe58}\mpksl7fe68586.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{051d3654-cf7e-4b18-9541-791490debe58}\MpKsl7fe68586.sys [?]
    S1 MpKsl82c78bea;MpKsl82c78bea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpksl82c78bea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKsl82c78bea.sys [?]
    S1 MpKsl8448aac1;MpKsl8448aac1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7f18f56-93f0-4383-ae36-27551fba3821}\mpksl8448aac1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7f18f56-93f0-4383-ae36-27551fba3821}\MpKsl8448aac1.sys [?]
    S1 MpKsl84b23d81;MpKsl84b23d81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec3eeec9-ea37-4e07-9953-5e846c8f4ea3}\mpksl84b23d81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec3eeec9-ea37-4e07-9953-5e846c8f4ea3}\MpKsl84b23d81.sys [?]
    S1 MpKsl85bca496;MpKsl85bca496;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\mpksl85bca496.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\MpKsl85bca496.sys [?]
    S1 MpKsl86e1d016;MpKsl86e1d016;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aea3f982-5efe-42cc-a03e-af5eddc7e6e1}\mpksl86e1d016.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aea3f982-5efe-42cc-a03e-af5eddc7e6e1}\MpKsl86e1d016.sys [?]
    S1 MpKsl8768a01b;MpKsl8768a01b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0188886c-ac60-43b2-9902-a071e236127d}\mpksl8768a01b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0188886c-ac60-43b2-9902-a071e236127d}\MpKsl8768a01b.sys [?]
    S1 MpKsl882d20e7;MpKsl882d20e7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d03c9530-3116-45aa-ae7e-25ed111ef419}\mpksl882d20e7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d03c9530-3116-45aa-ae7e-25ed111ef419}\MpKsl882d20e7.sys [?]
    S1 MpKsl8978c8ff;MpKsl8978c8ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27aeb38f-885d-4a3d-b724-89f568c7925a}\mpksl8978c8ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27aeb38f-885d-4a3d-b724-89f568c7925a}\MpKsl8978c8ff.sys [?]
    S1 MpKsl8c3f1bbe;MpKsl8c3f1bbe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abc1b274-4eea-40ee-aa1d-ed12ab730d21}\mpksl8c3f1bbe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abc1b274-4eea-40ee-aa1d-ed12ab730d21}\MpKsl8c3f1bbe.sys [?]
    S1 MpKsl90b627f9;MpKsl90b627f9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5224ae27-05ec-4830-8166-bd2f313343a8}\mpksl90b627f9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5224ae27-05ec-4830-8166-bd2f313343a8}\MpKsl90b627f9.sys [?]
    S1 MpKsl90e8f9f7;MpKsl90e8f9f7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7c930b6-9e91-4073-8e99-6d886ac3eb39}\mpksl90e8f9f7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7c930b6-9e91-4073-8e99-6d886ac3eb39}\MpKsl90e8f9f7.sys [?]
    S1 MpKsl92c15e5d;MpKsl92c15e5d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72b99243-ce89-440f-ae8e-f75f628a9ec6}\mpksl92c15e5d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72b99243-ce89-440f-ae8e-f75f628a9ec6}\MpKsl92c15e5d.sys [?]
    S1 MpKsl9544b421;MpKsl9544b421;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksl9544b421.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsl9544b421.sys [?]
    S1 MpKsl9991fd1d;MpKsl9991fd1d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl9991fd1d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl9991fd1d.sys [?]
    S1 MpKsl9b7d7549;MpKsl9b7d7549;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f72fe5b-7ff9-4d01-abca-c55d4c13f28f}\mpksl9b7d7549.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f72fe5b-7ff9-4d01-abca-c55d4c13f28f}\MpKsl9b7d7549.sys [?]
    S1 MpKsl9bdefa49;MpKsl9bdefa49;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa1ac50e-5eb5-4f32-9242-42512d722391}\mpksl9bdefa49.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa1ac50e-5eb5-4f32-9242-42512d722391}\MpKsl9bdefa49.sys [?]
    S1 MpKsl9cc347cf;MpKsl9cc347cf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dca8e859-376a-435e-a2a9-6ed5ff89d4fd}\mpksl9cc347cf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dca8e859-376a-435e-a2a9-6ed5ff89d4fd}\MpKsl9cc347cf.sys [?]
    S1 MpKsl9fa260f5;MpKsl9fa260f5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpksl9fa260f5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKsl9fa260f5.sys [?]
    S1 MpKsla4b8dc0c;MpKsla4b8dc0c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\mpksla4b8dc0c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e56b6518-f1ae-4b87-869e-420b0ea27768}\MpKsla4b8dc0c.sys [?]
    S1 MpKsla7348050;MpKsla7348050;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f72fe5b-7ff9-4d01-abca-c55d4c13f28f}\mpksla7348050.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f72fe5b-7ff9-4d01-abca-c55d4c13f28f}\MpKsla7348050.sys [?]
    S1 MpKsla7e411f6;MpKsla7e411f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df538801-4803-46fb-a244-b8903112fe15}\mpksla7e411f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df538801-4803-46fb-a244-b8903112fe15}\MpKsla7e411f6.sys [?]
    S1 MpKslb0ab3566;MpKslb0ab3566;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\mpkslb0ab3566.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\MpKslb0ab3566.sys [?]
    S1 MpKslb1281781;MpKslb1281781;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpkslb1281781.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKslb1281781.sys [?]
    S1 MpKslb355e44e;MpKslb355e44e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\mpkslb355e44e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\MpKslb355e44e.sys [?]
    S1 MpKslb81f84c2;MpKslb81f84c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpkslb81f84c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKslb81f84c2.sys [?]
    S1 MpKslb95397a7;MpKslb95397a7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3980db14-2258-4c99-97ab-f0d6087bf5a9}\mpkslb95397a7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3980db14-2258-4c99-97ab-f0d6087bf5a9}\MpKslb95397a7.sys [?]
    S1 MpKslb9c795e4;MpKslb9c795e4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\mpkslb9c795e4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{727ef031-2a42-4968-b356-216980da2ca3}\MpKslb9c795e4.sys [?]
    S1 MpKslbde55635;MpKslbde55635;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7b3381f-e440-41e6-918e-d33bb5e6ec30}\mpkslbde55635.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7b3381f-e440-41e6-918e-d33bb5e6ec30}\MpKslbde55635.sys [?]
    S1 MpKslbf6f8607;MpKslbf6f8607;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dcef9835-892e-47f9-b6b4-e74facb9c01c}\mpkslbf6f8607.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dcef9835-892e-47f9-b6b4-e74facb9c01c}\MpKslbf6f8607.sys [?]
    S1 MpKslc005bd54;MpKslc005bd54;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\mpkslc005bd54.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c816b8b-1afd-4f82-bb38-aff2c6b0653b}\MpKslc005bd54.sys [?]
    S1 MpKslc0b7e180;MpKslc0b7e180;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd1d732a-8960-4803-9398-d5741a9476ee}\mpkslc0b7e180.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd1d732a-8960-4803-9398-d5741a9476ee}\MpKslc0b7e180.sys [?]
    S1 MpKslc2d7f383;MpKslc2d7f383;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\mpkslc2d7f383.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8830e841-f41e-43cd-be7d-615dd549ef1e}\MpKslc2d7f383.sys [?]
    S1 MpKslc2dc6cfd;MpKslc2dc6cfd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df8f124a-328f-4d37-ba2a-ef364f053703}\mpkslc2dc6cfd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df8f124a-328f-4d37-ba2a-ef364f053703}\MpKslc2dc6cfd.sys [?]
    S1 MpKslc6596daa;MpKslc6596daa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1e01110-0ff9-4b67-9086-4f25800bb87c}\mpkslc6596daa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1e01110-0ff9-4b67-9086-4f25800bb87c}\MpKslc6596daa.sys [?]
    S1 MpKslc695764b;MpKslc695764b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\mpkslc695764b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{458f666e-890e-4fa1-8f74-e5d325dfcd13}\MpKslc695764b.sys [?]
    S1 MpKslc7906ecd;MpKslc7906ecd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f08b84a8-998e-45dc-ad7c-d072cf51791b}\mpkslc7906ecd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f08b84a8-998e-45dc-ad7c-d072cf51791b}\MpKslc7906ecd.sys [?]
    S1 MpKslca1df19b;MpKslca1df19b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\mpkslca1df19b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c960072-2fbb-4cb3-aa41-3b35be059a35}\MpKslca1df19b.sys [?]
    S1 MpKslcb48b3c3;MpKslcb48b3c3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c627d0a-a7a7-4ec4-8638-6a26cad1913b}\mpkslcb48b3c3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c627d0a-a7a7-4ec4-8638-6a26cad1913b}\MpKslcb48b3c3.sys [?]
    S1 MpKslcba153a8;MpKslcba153a8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{46059d0d-bc3c-4612-b7e2-d4678679bf06}\mpkslcba153a8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{46059d0d-bc3c-4612-b7e2-d4678679bf06}\MpKslcba153a8.sys [?]
    S1 MpKslcf3e8bb7;MpKslcf3e8bb7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27aeb38f-885d-4a3d-b724-89f568c7925a}\mpkslcf3e8bb7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27aeb38f-885d-4a3d-b724-89f568c7925a}\MpKslcf3e8bb7.sys [?]
    S1 MpKsld25bf520;MpKsld25bf520;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c223de1-9632-4e3b-89a5-06948ffbb19b}\mpksld25bf520.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1c223de1-9632-4e3b-89a5-06948ffbb19b}\MpKsld25bf520.sys [?]
    S1 MpKsld5c0fda7;MpKsld5c0fda7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\mpksld5c0fda7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\MpKsld5c0fda7.sys [?]
    S1 MpKsld5d71b64;MpKsld5d71b64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5092328-600d-4d8a-b65a-93664d9167e0}\mpksld5d71b64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5092328-600d-4d8a-b65a-93664d9167e0}\MpKsld5d71b64.sys [?]
    S1 MpKsldeb97eb5;MpKsldeb97eb5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e140276-f521-4ffc-944a-85ddbe8650bb}\mpksldeb97eb5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4e140276-f521-4ffc-944a-85ddbe8650bb}\MpKsldeb97eb5.sys [?]
    S1 MpKsle8bae06d;MpKsle8bae06d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c99c58f-4db9-4f21-81e2-d7f0e652216f}\mpksle8bae06d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c99c58f-4db9-4f21-81e2-d7f0e652216f}\MpKsle8bae06d.sys [?]
    S1 MpKslf3edb6ff;MpKslf3edb6ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bff0155e-9692-45e1-80f9-6e05ae582121}\mpkslf3edb6ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bff0155e-9692-45e1-80f9-6e05ae582121}\MpKslf3edb6ff.sys [?]
    S1 MpKslf4c13f00;MpKslf4c13f00;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\mpkslf4c13f00.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12cb8543-71dd-462c-8f78-396985279a79}\MpKslf4c13f00.sys [?]
    S1 MpKslf59b743e;MpKslf59b743e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8acda626-cac5-49c6-b37b-339b3ae0dd2a}\mpkslf59b743e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8acda626-cac5-49c6-b37b-339b3ae0dd2a}\MpKslf59b743e.sys [?]
    S1 MpKslf77e9dc5;MpKslf77e9dc5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f61e50f-1cd7-4a41-a00e-2fdcb1fd3894}\mpkslf77e9dc5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f61e50f-1cd7-4a41-a00e-2fdcb1fd3894}\MpKslf77e9dc5.sys [?]
    S1 MpKslfcbbeb9d;MpKslfcbbeb9d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7151093-beef-441b-8684-17175aeeb21c}\mpkslfcbbeb9d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7151093-beef-441b-8684-17175aeeb21c}\MpKslfcbbeb9d.sys [?]
    S1 MpKslff9814ee;MpKslff9814ee;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21e79a59-f5f6-44cb-ad94-5647a0e231b7}\mpkslff9814ee.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21e79a59-f5f6-44cb-ad94-5647a0e231b7}\MpKslff9814ee.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-24 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-10-11 252416]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-10-11 398720]
    .
    =============== Created Last 30 ================
    .
    2011-12-18 18:14:05 388096 ----a-r- c:\documents and settings\tom daigle\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-18 18:13:49 -------- d-----w- c:\program files\Trend Micro
    2011-12-18 17:20:33 -------- dc----w- C:\cmdcons
    2011-12-18 17:16:53 98816 ----a-w- c:\windows\sed.exe
    2011-12-18 17:16:53 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-18 17:16:53 256000 ----a-w- c:\windows\PEV.exe
    2011-12-18 17:16:53 208896 ----a-w- c:\windows\MBR.exe
    2011-12-18 17:16:27 -------- dcs---w- C:\ComboFix
    2011-12-18 14:27:27 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\MpKsl887c3eaa.sys
    2011-12-18 13:34:28 428032 ----a-w- c:\documents and settings\tom daigle\application data\R32tp.exe
    2011-12-18 13:34:00 364032 ----a-w- c:\documents and settings\tom daigle\local settings\application data\mor.exe
    2011-12-18 08:33:47 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\MpKsl99c162d1.sys
    2011-12-18 08:33:17 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\offreg.dll
    2011-12-18 08:33:10 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfa5c0d5-451c-4efe-b9b3-355093ba245d}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-12-17 09:42:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-09 16:24:48 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-09-28 15:04:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 11:28:33.50 ===============

    --------
    Gmer
    --------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-18 20:04:42
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721010CLA332 rev.JP4OA25C
    Running: joqwd9vu.exe; Driver: C:\DOCUME~1\TOMDAI~1\LOCALS~1\Temp\pxldipob.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ipsec.sys B4359000 47 Bytes [B4, FF, B5, 04, FF, FF, FF, ...]
    .text ipsec.sys B4359030 5 Bytes [FF, FF, E8, E5, FC]
    .text ipsec.sys B4359037 120 Bytes [6A, 40, 57, 53, 68, 54, 7C, ...]
    .text ipsec.sys B43590B0 68 Bytes [B5, 04, FF, FF, FF, E8, 8E, ...]
    .text ipsec.sys B43590F5 20 Bytes [00, 69, 00, 6E, 00, 65, 00, ...]
    .text ...
    ? C:\WINDOWS\System32\DRIVERS\ipsec.sys suspicious PE modification

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE000A
    .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FF000A
    .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FD000C
    .text C:\WINDOWS\System32\ping.exe[1468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD000A
    .text C:\WINDOWS\System32\ping.exe[1468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BE000A
    .text C:\WINDOWS\System32\ping.exe[1468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A8000A
    .text C:\WINDOWS\System32\ping.exe[1468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A9000A
    .text C:\WINDOWS\System32\ping.exe[1468] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A7000C
    .text C:\WINDOWS\System32\ping.exe[1468] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\System32\ping.exe[1468] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\System32\ping.exe[1468] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\System32\ping.exe[1468] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00C0000A

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) B436B000-B4385000 (106496 bytes)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x51 0x0D 0xA7 0x5E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x6C 0x3F 0xED 0x47 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xA1 0xCC 0x6C 0xB3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xF6 0xC2 0x0C 0x32 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x51 0x0D 0xA7 0x5E ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x6C 0x3F 0xED 0x47 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xA1 0xCC 0x6C 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xF6 0xC2 0x0C 0x32 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\search[3] 990 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\search[4] 842 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\related-posts[1].gif 145 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\show_ads[1].js 13115 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\default[1].jpg 3519 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\default[2].jpg 2249 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\adview[1].txt 0 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\ads[1].htm 2787 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\A3B40O0E\ads[2].htm 4812 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\B02QOLM8\csearch[1].css 1875 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\B02QOLM8\jquery.min[3].js 57254 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\DQ7XPFEB\intl-flags[1].gif 3648 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\DQ7XPFEB\231-48580214_ampnetwork_net[1].htm 4476 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\init[1] 12503 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\how_to_crack_a_sentry_safe[1].htm 58738 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\plusoneclick[1].js 425 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\corporate_641c5699[1].png 34441 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\Sentry_Safe_Combination[1].htm 35634 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\article-preview_ehow_images_a07_4u_0i_open-combination-safe-only-key-800x800[1].jpg 1879 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\article-preview_ehow_images_ehow_cat_home-design-decoration_home-design-decoration2[1].jpg 3104 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\article_indieclicktest-4ffa531e[1].js 1616 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\an[1].gif 43 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\E8ZRC61E\layout_17ccc96a[1].png 17518 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\G6NGVSM1\ads[4].htm 5743 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\G6NGVSM1\mr120110903090629genlink[1].js 21 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\G6NGVSM1\pixel[2].gif 43 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\G6NGVSM1\gradients_light[1].png 1147 bytes
    File C:\Documents and Settings\Tom Daigle\Local Settings\Temporary Internet Files\Content.IE5\L33311N2\google_ads[1].js 50252 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458 0 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\bckfg.tmp 1000 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\cfg.ini 199 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\keywords 272 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\L\akygdmgo 75264 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\U\[email protected] 2048 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\U\[email protected] 224768 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\U\0000[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\U\[email protected] 12800 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1346655458\U\[email protected] 98304 bytes
    File C:\WINDOWS\$NtUninstallKB1190$\1361053376 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  4. Ryuukaze

    This issue is still unresolved, any help would be welcome.

    Some new information:
    1. computer will flash BSOD and crash if I attempt to start in normal windows.
    2. I attempted to restore the computer to a week before infection but nothing changed.
     
  5. Ryuukaze

    bump
    RTWLAN.exe (my wireless card driver) now refuses to work. It won't connect to the network and whenever I attempt to fix this I get a drwatson message. The program continues to run but I cannot connect to anything. I am without internet on the computer.

    After this I looked for how to remove rootkits.
    I have downloaded rootkitrevealer and can post a log from it as well if desired. It revealed various suspicious files; however, I do not know what to do with them.

    I installed and ran RuBotted but it did not find anything.

    I would at this point reinstall Windows, but my father recently passed away and he was the only one who knew where the Windows CD was.
    Google revealed that you can reinstall from a file in the C drive. Would that work? It seems like that would be the first place the rootkit would copy itself to.
     
  6. Ryuukaze

  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    You have a ZeroAccess Rootkit infection. If you have no connection you will have to download the following on another PC and transfer to the Desktop of the infected one:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop re-name to Gotcha.exe as below:

      [​IMG]

    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the [​IMG] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  8. Ryuukaze

    Thanks for the reply! especially just before Christmas. Here's the log.
    Security Essentials still crashes on start and RTWLAN.exe still crashes before it connects to the network.
    After the first scan completed I ran it a second time and nothing came up.

    ----------
    ComboFix 11-12-22.04 - Tom Daigle 12/23/2011 22:56:31.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1183 [GMT -7:00]
    Running from: c:\documents and settings\Tom Daigle\Desktop\Gotcha.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Tom Daigle\_r_a_p_.tmp
    c:\documents and settings\Tom Daigle\Application Data\EurekaLog
    c:\documents and settings\Tom Daigle\Application Data\PriceGong
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Tom Daigle\Application Data\PriceGong\Data\z.xml
    C:\Documents
    c:\program files\Common Files\winafx.log
    c:\windows\$NtUninstallKB1190$
    c:\windows\$NtUninstallKB1190$\1346655458\@
    c:\windows\$NtUninstallKB1190$\1346655458\bckfg.tmp
    c:\windows\$NtUninstallKB1190$\1346655458\cfg.ini
    c:\windows\$NtUninstallKB1190$\1346655458\Desktop.ini
    c:\windows\$NtUninstallKB1190$\1346655458\keywords
    c:\windows\$NtUninstallKB1190$\1346655458\L\akygdmgo
    c:\windows\$NtUninstallKB1190$\1346655458\U\[email protected]
    c:\windows\$NtUninstallKB1190$\1346655458\U\[email protected]
    c:\windows\$NtUninstallKB1190$\1346655458\U\[email protected]
    c:\windows\$NtUninstallKB1190$\1346655458\U\[email protected]
    c:\windows\$NtUninstallKB1190$\1346655458\U\[email protected]
    c:\windows\$NtUninstallKB1190$\1346655458\U\[email protected]
    c:\windows\$NtUninstallKB1190$\1361053376
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\OLDAE.tmp
    c:\windows\system32\OLDAF.tmp
    c:\windows\system32\OLDB0.tmp
    c:\windows\system32\OLDB1.tmp
    c:\windows\system32\OLDB2.tmp
    c:\windows\system32\OLDB3.tmp
    c:\windows\system32\OLDB4.tmp
    c:\windows\system32\OLDB5.tmp
    c:\windows\system32\OLDB6.tmp
    c:\windows\system32\OLDB7.tmp
    c:\windows\system32\oobe\isperror
    c:\windows\system32\oobe\isperror\ispcnerr.htm
    c:\windows\system32\oobe\isperror\ispdtone.htm
    c:\windows\system32\oobe\isperror\isphdshk.htm
    c:\windows\system32\oobe\isperror\ispins.htm
    c:\windows\system32\oobe\isperror\ispnoanw.htm
    c:\windows\system32\oobe\isperror\isppberr.htm
    c:\windows\system32\oobe\isperror\ispphbsy.htm
    c:\windows\system32\oobe\isperror\ispsbusy.htm
    c:\windows\system32\SET1F.tmp
    c:\windows\system32\SET20.tmp
    c:\windows\system32\SET21.tmp
    c:\windows\system32\SET25.tmp
    c:\windows\system32\SET26.tmp
    c:\windows\system32\SET27.tmp
    c:\windows\system32\SET2B.tmp
    c:\windows\system32\SET2D.tmp
    c:\windows\system32\SET5F.tmp
    c:\windows\system32\SET6D.tmp
    c:\windows\system32\SET6F.tmp
    c:\windows\system32\SET73.tmp
    c:\windows\system32\SET75.tmp
    c:\windows\system32\SET8D.tmp
    c:\windows\system32\SET8F.tmp
    c:\windows\system32\SET91.tmp
    c:\windows\system32\SET95.tmp
    c:\windows\system32\SET97.tmp
    c:\windows\system32\SETA3.tmp
    c:\windows\system32\ST~88.tmp
    c:\windows\system32\ST~89.tmp
    c:\windrivxxx.exe\WinDrivxxx.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_UacFlt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-24 06:20 . 2011-12-24 06:20 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl459ad035.sys
    2011-12-24 05:49 . 2008-04-13 18:36 187776 -c--a-w- c:\windows\system32\dllcache\acpi.sys
    2011-12-24 05:49 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    2011-12-23 08:21 . 2011-12-23 08:21 -------- dc----w- C:\Boot
    2011-12-23 02:51 . 2011-12-23 02:51 54016 ----a-w- c:\windows\system32\drivers\cumleqg.sys
    2011-12-22 23:46 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-22 23:46 . 2011-12-22 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-22 23:13 . 2011-12-22 23:13 -------- d-----w- c:\documents and settings\Tom Daigle\Application Data\InstallShield
    2011-12-22 20:54 . 2011-12-22 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
    2011-12-22 20:49 . 2011-12-22 20:49 -------- d-----w- c:\program files\WinPcap
    2011-12-21 23:55 . 2011-12-17 04:51 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-12-21 23:55 . 2011-12-17 04:51 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-12-21 23:55 . 2011-12-17 04:51 814040 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-12-21 23:55 . 2011-12-17 04:51 486360 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-12-21 23:55 . 2011-12-17 04:51 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2011-12-21 23:55 . 2011-12-17 04:51 2124760 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-12-21 23:55 . 2011-12-17 04:51 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-12-21 23:55 . 2011-12-17 01:20 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-12-21 23:55 . 2011-12-17 01:20 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-12-21 23:55 . 2011-12-17 01:20 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2011-12-21 23:55 . 2011-12-17 01:20 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2011-12-21 23:55 . 2011-12-17 01:20 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2011-12-21 22:19 . 2011-12-21 22:19 -------- d-----w- C:\found.001
    2011-12-21 11:52 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\mpengine.dll
    2011-12-21 06:49 . 2011-12-21 06:50 -------- dc----w- C:\a37064209ee47583c2330912
    2011-12-20 18:54 . 2011-12-20 18:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-19 10:09 . 2011-12-19 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\iN28300CeJhD28300
    2011-12-18 19:50 . 2011-12-18 19:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-12-18 18:14 . 2011-12-18 18:14 388096 ----a-r- c:\documents and settings\Tom Daigle\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-12-18 18:13 . 2011-12-22 20:48 -------- d-----w- c:\program files\Trend Micro
    2011-12-18 17:16 . 2011-12-24 05:46 -------- dc----w- C:\ComboFix
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 13:25 . 2001-08-23 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-10-28 05:31 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2001-08-23 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2001-08-17 13:48 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-23 11:08 . 2011-05-18 09:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-18 11:13 . 2004-08-04 07:56 186880 ------w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2010-01-14 05:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-09 16:24 . 2001-08-23 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-09-28 15:04 . 2011-09-28 22:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-09-28 07:06 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 17:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 17:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-12-17 04:51 . 2011-12-21 23:55 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-17 2937528]
    "Steam"="e:\programs\Steam\steam.exe" [2011-08-03 1242448]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-08-21 5782528]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "QveCtl2Tray"="c:\program files\Philips\Sound Agent 2\mc500cpl.exe" [2003-09-20 720896]
    "WTClient"="WTClient.exe" [2007-04-11 40960]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-04 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-05 273544]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Finestra Virtual Desktops.lnk - c:\windows\Installer\{07B222F4-6640-433E-AF02-007F5E2CDB9B}\MainIcon.ico [2011-10-23 51816]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-30 805392]
    REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe [2011-12-22 843776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\n:\0autocheck autochk *\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-07-09 22:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-06-05 03:05 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "e:\\Programs\\Steam\\Steam.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
    "e:\\Programs\\Utorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "59037:TCP"= 59037:TCP:pando Media Booster
    "59037:UDP"= 59037:UDP:pando Media Booster
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/17/2010 1:31 PM 64512]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2010 1:23 PM 691696]
    R1 MpKsl459ad035;MpKsl459ad035;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl459ad035.sys [12/23/2011 11:20 PM 28752]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 5:00 AM 14336]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/1/2010 8:20 PM 38144]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 2:25 PM 2152152]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
    R2 RealtekPCI;RealtekPCI;c:\program files\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe [10/1/2010 8:20 PM 36864]
    R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [12/22/2011 1:48 PM 439632]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 2:25 PM 15232]
    R3 psa500;Sound Agent 2 for Audio Set (WDM);c:\windows\system32\drivers\psa500.sys [1/16/2010 8:00 PM 414976]
    R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\drivers\QsndEnum.sys [1/16/2010 8:00 PM 16256]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/14/2010 9:18 PM 1390976]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
    S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
    S1 MpKsla58e7929;MpKsla58e7929;\??\c:\windows\system32\MpEngineStore\MpKsla58e7929.sys --> c:\windows\system32\MpEngineStore\MpKsla58e7929.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2010 11:46 AM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2010 11:46 AM 135664]
    S3 HWN;HWN;c:\docume~1\TOMDAI~1\LOCALS~1\Temp\HWN.exe --> c:\docume~1\TOMDAI~1\LOCALS~1\Temp\HWN.exe [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 11:13 AM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 11:12 AM 174720]
    S3 PFNWATPEYOXF;PFNWATPEYOXF;c:\docume~1\TOMDAI~1\LOCALS~1\Temp\PFNWATPEYOXF.exe --> c:\docume~1\TOMDAI~1\LOCALS~1\Temp\PFNWATPEYOXF.exe [?]
    S3 S;S;c:\docume~1\TOMDAI~1\LOCALS~1\Temp\S.exe --> c:\docume~1\TOMDAI~1\LOCALS~1\Temp\S.exe [?]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [10/11/2010 5:37 PM 252416]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [10/11/2010 5:37 PM 398720]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - LAVASOFT_KERNEXPLORER
    *NewlyCreated* - MPKSL459AD035
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 20:53]
    .
    2011-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
    .
    2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 18:46]
    .
    2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 18:46]
    .
    2011-12-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
    .
    2011-12-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1035525444-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
    .
    2011-12-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1035525444-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Free YouTube Download - c:\documents and settings\Tom Daigle\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Tom Daigle\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    FF - ProfilePath - c:\documents and settings\Tom Daigle\Application Data\Mozilla\Firefox\Profiles\14o2zbj5.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-WinDrivxxx.exe - c:\windrivxxx.exe\WinDrivxxx.exe
    HKLM-Run-P-Install - d:\install\installerp1.exe
    HKU-Default-Run-WinDrivxxx.exe - c:\windrivxxx.exe\WinDrivxxx.exe
    MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-23 23:23
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
    P-Install = d:\install\installerp1.exe e???????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-861567501-1035525444-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:84,5e,27,4f,c4,bb,52,9c,a0,2a,d2,1f,da,85,05,8e,d9,91,b4,bf,e8,
    9a,b9,5c,fd,4e,5f,43,59,58,4e,94,0e,fd,f3,1e,5c,d3,97,9a,07,d2,bd,59,a9,09,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
    "DisplayName"="???\16?\11\09"
    "DeviceDesc"="???\16?\11\09"
    "ProviderName"="???\11???\11??"
    "MFG"="???????"
    "ReinstallString"=".10.1000.8"
    "DeviceInstanceIds"=multi:"d:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(612)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
    .
    - - - - - - - > 'explorer.exe'(1464)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\WTClient.exe
    c:\program files\Finestra\VirtualDesktops.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\Drivers\WTSRV.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-23 23:30:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-24 06:30
    .
    Pre-Run: 71,062,405,120 bytes free
    Post-Run: 74,062,635,008 bytes free
    .
    - - End Of File - - D94729C59C2F5BAA364F4F1CED4B34DD
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Continue as follows:

    Step 1

    Uninstall Lavasoft Ad-Aware via Start > Control Panel > Add/Remove Programs; it has an antivirus component that will clash with MSE and cause major issues.

    Step 2

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    File::
    c:\windows\system32\drivers\cumleqg.sys
    c:\docume~1\TOMDAI~1\LOCALS~1\Temp\PFNWATPEYOXF.exe
    c:\docume~1\TOMDAI~1\LOCALS~1\Temp\S.exe
    Folder::
    c:\documents and settings\All Users\Application Data\iN28300CeJhD28300 
    Driver::
    PFNWATPEYOXF
    S
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõw æ*]
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 3

    Please download Farbar Service Scanner and run it on the computer with the issue.

    • Make sure "Internet Services" is selected
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Let me see the log from Combofix and Farbar Services Scanner in next reply...

    Kevin
     
  10. Ryuukaze

    Ryuukaze Thread Starter

    Joined:
    Dec 18, 2011
    Messages:
    11
    New problem: Add/Remove Programs does not have any of the "Remove" buttons it normally does, and Ad-Aware's uninstall file is nowhere to be found.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Leave step one and continue...
     
  12. Ryuukaze

    Ryuukaze Thread Starter

    Joined:
    Dec 18, 2011
    Messages:
    11
    The wireless card is able to connect properly now. Security Essentials still refuses to start.

    ComboFix 11-12-28.03 - Tom Daigle 12/29/2011 8:44.4.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1003 [GMT -7:00]
    Running from: c:\documents and settings\Tom Daigle\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tom Daigle\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    * Created a new restore point
    .
    FILE ::
    "c:\docume~1\TOMDAI~1\LOCALS~1\Temp\PFNWATPEYOXF.exe"
    "c:\docume~1\TOMDAI~1\LOCALS~1\Temp\S.exe"
    "c:\windows\system32\drivers\cumleqg.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Application Data\iN28300CeJhD28300\iN28300CeJhD28300
    c:\windows\system32\drivers\cumleqg.sys
    .
    c:\windows\system32\drivers\ipsec.sys was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\ipsec.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_PFNWATPEYOXF
    -------\Legacy_S
    -------\Service_PFNWATPEYOXF
    -------\Service_S
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-29 16:12 . 2011-12-29 16:12 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45249353-8BB5-477B-815C-B8729966B531}\MpKslad6fa029.sys
    2011-12-29 16:11 . 2011-12-29 16:11 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45249353-8BB5-477B-815C-B8729966B531}\offreg.dll
    2011-12-29 16:11 . 2011-11-21 09:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45249353-8BB5-477B-815C-B8729966B531}\mpengine.dll
    2011-12-29 15:52 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
    2011-12-29 15:52 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-12-24 05:49 . 2008-04-13 18:36 187776 -c--a-w- c:\windows\system32\dllcache\acpi.sys
    2011-12-24 05:49 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    2011-12-23 08:21 . 2011-12-27 03:54 -------- dc----w- C:\Boot
    2011-12-22 23:46 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-22 23:46 . 2011-12-22 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-22 23:13 . 2011-12-22 23:13 -------- d-----w- c:\documents and settings\Tom Daigle\Application Data\InstallShield
    2011-12-22 20:54 . 2011-12-22 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
    2011-12-22 20:49 . 2011-12-22 20:49 -------- d-----w- c:\program files\WinPcap
    2011-12-21 23:55 . 2011-12-17 04:51 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-12-21 23:55 . 2011-12-17 04:51 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-12-21 23:55 . 2011-12-17 04:51 814040 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-12-21 23:55 . 2011-12-17 04:51 486360 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-12-21 23:55 . 2011-12-17 04:51 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2011-12-21 23:55 . 2011-12-17 04:51 2124760 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-12-21 23:55 . 2011-12-17 04:51 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-12-21 23:55 . 2011-12-17 01:20 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-12-21 23:55 . 2011-12-17 01:20 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-12-21 23:55 . 2011-12-17 01:20 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2011-12-21 23:55 . 2011-12-17 01:20 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2011-12-21 23:55 . 2011-12-17 01:20 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2011-12-21 22:19 . 2011-12-21 22:19 -------- d-----w- C:\found.001
    2011-12-21 06:49 . 2011-12-21 06:50 -------- dc----w- C:\a37064209ee47583c2330912
    2011-12-20 18:54 . 2011-12-20 18:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-18 19:50 . 2011-12-18 19:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-12-18 18:14 . 2011-12-18 18:14 388096 ----a-r- c:\documents and settings\Tom Daigle\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-12-18 18:13 . 2011-12-22 20:48 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 13:25 . 2001-08-23 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2001-08-23 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2001-08-23 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2001-08-17 13:48 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-23 11:08 . 2011-05-18 09:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-18 11:13 . 2004-08-04 07:56 186880 ------w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2010-01-14 05:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-09 16:24 . 2001-08-23 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-12-17 04:51 . 2011-12-21 23:55 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( [email protected]_06.21.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-29 15:56 . 2011-12-29 15:56 16384 c:\windows\Temp\Perflib_Perfdata_7e4.dat
    + 2011-12-29 19:00 . 2011-12-29 19:00 16384 c:\windows\Temp\Perflib_Perfdata_2a4.dat
    + 2001-08-23 12:00 . 2011-12-29 16:00 72910 c:\windows\system32\perfc009.dat
    + 2009-03-08 10:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
    - 2009-03-08 10:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
    + 2001-08-23 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
    - 2001-08-23 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
    + 2001-08-23 12:00 . 2011-12-29 16:00 443320 c:\windows\system32\perfh009.dat
    + 2009-03-08 10:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
    - 2009-03-08 10:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
    - 2001-08-23 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
    + 2001-08-23 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
    + 2001-08-23 12:00 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
    - 2009-03-08 10:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
    + 2009-03-08 10:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
    + 2009-03-08 10:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
    - 2009-03-08 10:39 . 2011-08-23 23:48 11081728 c:\windows\system32\ieframe.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-17 2937528]
    "Steam"="e:\programs\Steam\steam.exe" [2011-08-03 1242448]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Akamai NetSession Interface"="c:\documents and settings\Tom Daigle\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-13 3305760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-08-21 5782528]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "QveCtl2Tray"="c:\program files\Philips\Sound Agent 2\mc500cpl.exe" [2003-09-20 720896]
    "WTClient"="WTClient.exe" [2007-04-11 40960]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-04 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-05 273544]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Finestra Virtual Desktops.lnk - c:\windows\Installer\{07B222F4-6640-433E-AF02-007F5E2CDB9B}\MainIcon.ico [2011-10-23 51816]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-30 805392]
    REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe [2011-12-22 843776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\n:\0autocheck autochk *\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-07-09 22:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-06-05 03:05 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "e:\\Programs\\Steam\\Steam.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
    "e:\\Programs\\Utorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "e:\\Programs\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "c:\\Documents and Settings\\Tom Daigle\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "59037:TCP"= 59037:TCP:pando Media Booster
    "59037:UDP"= 59037:UDP:pando Media Booster
    "1409:TCP"= 1409:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/17/2010 1:31 PM 64512]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2010 1:23 PM 691696]
    R1 MpKsl633726d4;MpKsl633726d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl633726d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl633726d4.sys [?]
    R1 MpKslad6fa029;MpKslad6fa029;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45249353-8BB5-477B-815C-B8729966B531}\MpKslad6fa029.sys [12/29/2011 9:12 AM 29904]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/1/2010 8:20 PM 38144]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 2:25 PM 15232]
    R3 psa500;Sound Agent 2 for Audio Set (WDM);c:\windows\system32\drivers\psa500.sys [1/16/2010 8:00 PM 414976]
    R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\drivers\QsndEnum.sys [1/16/2010 8:00 PM 16256]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/14/2010 9:18 PM 1390976]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
    S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
    S1 MpKsl197be98e;MpKsl197be98e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl197be98e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl197be98e.sys [?]
    S1 MpKsl3a67faa7;MpKsl3a67faa7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl3a67faa7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl3a67faa7.sys [?]
    S1 MpKsl9abb3017;MpKsl9abb3017;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl9abb3017.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9845DD2B-545E-4CA9-9F47-FC5B6FCA4749}\MpKsl9abb3017.sys [?]
    S1 MpKsla58e7929;MpKsla58e7929;\??\c:\windows\system32\MpEngineStore\MpKsla58e7929.sys --> c:\windows\system32\MpEngineStore\MpKsla58e7929.sys [?]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 11:13 AM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 11:12 AM 174720]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [10/11/2010 5:37 PM 252416]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [10/11/2010 5:37 PM 398720]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - LAVASOFT_KERNEXPLORER
    *NewlyCreated* - MPKSLAD6FA029
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 20:53]
    .
    2011-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 18:46]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 18:46]
    .
    2011-12-29 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
    .
    2011-12-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1035525444-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
    .
    2011-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1035525444-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Free YouTube Download - c:\documents and settings\Tom Daigle\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Tom Daigle\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Tom Daigle\Application Data\Mozilla\Firefox\Profiles\14o2zbj5.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-29 12:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-861567501-1035525444-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:84,5e,27,4f,c4,bb,52,9c,a0,2a,d2,1f,da,85,05,8e,d9,91,b4,bf,e8,
    9a,b9,5c,fd,4e,5f,43,59,58,4e,94,0e,fd,f3,1e,5c,d3,97,9a,07,d2,bd,59,a9,09,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
    "DisplayName"="???\16?\11\09"
    "DeviceDesc"="???\16?\11\09"
    "ProviderName"="???\11???\11??"
    "MFG"="???????"
    "ReinstallString"=".10.1000.8"
    "DeviceInstanceIds"=multi:"d:\\drivers\\chipset\\xp\\smbus\\smbusati.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(932)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
    .
    - - - - - - - > 'explorer.exe'(5376)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\AAWService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Realtek\RTL8185 Wireless LAN Utility\Rtlservice.exe
    c:\program files\Trend Micro\RUBotted\RUBotSrv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\Drivers\WTSRV.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WTClient.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files\Finestra\VirtualDesktops.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-29 13:09:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-29 20:09
    ComboFix2.txt 2011-12-24 11:15
    ComboFix3.txt 2011-12-24 06:31
    .
    Pre-Run: 74,802,929,664 bytes free
    Post-Run: 74,814,554,112 bytes free
    .
    - - End Of File - - 7FE08F08B60041D4F394BD5CABB0421F
    ---------------------------

    Farbar Service Scanner
    Ran by Tom Daigle (administrator) on 29-12-2011 at 14:48:45
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(8) fssfltr(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x09000000050000000100000002000000030000000400000006000000070000000800000009000000

    **** End of log ****
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Can you UNinstall/reinstall MSE and see if that cures the problem? To UNinstall go Here and follow the instructions. Basically, download the MSE installer, open "Run" by selecting the "Windows" key and "R" key together, drag the installer to the "Run" box. Put the cursor at the end of the address, hit the spacebar, then type /U and tap the Enter key or select OK.

    That should UNinstall MSE, then re-install again.

    You can keep Lavasoft Ad-Aware, but you will have to turn off the AV component. You can turn off the anti-virus component as follows:

    • Open Ad-Aware
    • Click on switch to advanced mode
    • Click on Settings
    • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
    • Click OK and close Ad-Aware

    Let me know if that completes OK. When you reinstall MSE it will want to update and do a quick scan, let that happen. Tell me if it finds anything....

    Kevin
     
  14. Ryuukaze

    Ryuukaze Thread Starter

    Joined:
    Dec 18, 2011
    Messages:
    11
    Reinstallation worked. The scan found no viruses. Ad watch is disabled.
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    OK, if no more issues/concerns do the following:

    Step 1

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.
    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Step 2

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click the OTC icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then click the big button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

    Step 3

    You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

    Step 3

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
    • If prompted, click "Yes" to reboot.
    Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not, re-boot it yourself to complete the cleaning process <---- Very Important

    Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted.


    Let me know if those steps complete OK, also if any remaining issues or concerns...

    Kevin
     
Short URL to this thread: https://techguy.org/1031865