OTL and Extra - pasted and attached

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

MBAM log was from Netbook

Post by etrdave on Mon Sep 10, 2012 4:10 am

I just realized that you meant for me to post the desktop machine's infected mbam log.

Before I do that, I wanted to ask if you could check my logs and give me a link for the HOST files I need for this machine, or, just tell me which of the many downloads on that page are the right ones. Thanks!

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Infected Desktop Machine MBAM log

Post by etrdave on Mon Sep 10, 2012 4:15 am

My Desktop pc's MBAM log will be posted next, along with the quarantine list from AVG.
MBAM has zeroaccess quarantined, and AVG has
Agent_r.BMS and Backdoor.Generic15.BIXF quarantined.

Please advise. Thanks.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Desktop MBAM / AVG / RK

Post by etrdave on Mon Sep 10, 2012 5:16 am

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4051

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/29/2010 8:29:14 AM
mbam-log-2010-04-29 (08-29-14).txt

Scan type: Full scan (A:\|C:\|)
Objects scanned: 207385
Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbcamiyd (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbcamiyd (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\xrovqpfof\eeenncntssd.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\RaaH.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yCVO.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CEZD4KV5\n002102304801r0409J11000601R83a99fdaW046d99ddX9c4de30dYd79ec259Z03009f350[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WK60Y5LU\n002102304801r0409J11000601R83a99fdaW046d99ddX9430cb2fYdfe815a9Z03009f350[1] (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Here are quarantine notes in AVG:
Malware Win32/Adware.Toolbar.Dealio C:\PROGRAMFILES\PDFFORGETOOLBAR\IE\4.5\PDFFORGETOOLBARIE.DLL
Malware Win32/Adware.Toolbar.Dealio C:\PROGRAMFILES\COMMONFILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE
Malware UNKNOWN C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\F4D55F3B0001836367169D4ED151FC84\F4D55F3B0001836367169D4ED151FC84.EXE
Corrupted executable file C:\Documents and Settings\Owner\Local Settings\Temp\SkypeSetup.exe
Infection Trojan horse Agent_r.BMS C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\80000032.@.vir
Infection Trojan horse Backdoor.Generic15.BIXF C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\000000cb.@.vir

And a Quarantine Report:


Time : 01/09/2012 19:43:26
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:48:38
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:49:12
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:57:51
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 21:16:58
--------------------------


Time : 01/09/2012 21:25:50
--------------------------


Time : 05/09/2012 00:22:53
--------------------------


etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Mon Sep 10, 2012 5:19 am

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: [You must be registered and logged in to see this link.]
Blog: [You must be registered and logged in to see this link.]

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/01/2012 19:43:27

Bad processes : 1
[SUSP PATH] LaunchPad.exe -- C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe -> KILLED [TermProc]

Registry Entries : 2
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.) -> FOUND

Particular Files / Folders:

Driver : [LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2500AAKS-22VSA0 +++++
--- User ---
[MBR] d1dd1b46542915a868a86177a5d1c98b
[BSP] dc1586e26c5e2a65ee56087b0c6cae52 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Mon Sep 10, 2012 5:21 am

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: [You must be registered and logged in to see this link.]
Blog: [You must be registered and logged in to see this link.]

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/05/2012 00:22:53

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [LOADED]

Infection :

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2500AAKS-22VSA0 +++++
--- User ---
[MBR] d1dd1b46542915a868a86177a5d1c98b
[BSP] dc1586e26c5e2a65ee56087b0c6cae52 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

System is currently not connected to the internet.


etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by Dr Jay on Mon Sep 10, 2012 3:20 pm

Why is this last MBAM log posted, when it's from 4/29/2010 8:29:14 AM ?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Most recent MBAM log

Post by etrdave on Mon Sep 10, 2012 3:54 pm

I posted the old one because it showed what was shown as infected. I have not updated MBAM in 5 days as I have disconnected pc from the internet. AVG is showing something that appears to be reinstallers.
MBAM is below:
Malwarebytes Anti-Malware 1.62.0.1300
[You must be registered and logged in to see this link.]

Database version: v2012.09.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-1EFEC9199 [administrator]

9/9/2012 10:11:28 PM
mbam-log-2012-09-09 (22-11-28).txt

Scan type: Full scan (A:\|C:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376969
Time elapsed: 1 hour(s), 20 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\80000000.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by Dr Jay on Tue Sep 11, 2012 9:48 am

Let's look over a couple more things, then honestly I believe this PC is very clean!

AdwCleaner Scan
Please download [You must be registered and logged in to see this link.] by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Shall I reconnect my pc to internet?

Post by etrdave on Tue Sep 11, 2012 1:12 pm

I am currently disconnected. I ran the first program from the desktop.
Report is below. I put aswMBR on a stick and copied it to desktop.
When I clicked on it, it says "This application can use the Avast Free Antivirus for scanning. It is recommended to download it for better detection results. Would you like to download latest Avast virus definitions?

This will require reconnecting, unless I just click NO.

Please advise if it is safe for me to reconnect pc to internet.

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 14:40:28
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-1EFEC9199
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Found : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
Folder Found : C:\Documents and Settings\Owner\Application Data\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\pdfforge
Key Found : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\18uaxcra.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\duw4v4k6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1447 octets] - [02/09/2012 14:40:28]

########## EOF - C:\AdwCleaner[R1].txt - [1507 octets] ##########

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Tue Sep 11, 2012 2:10 pm

I ran the aswMBR that I had saved to the desktop from my stick/not as downloaded with updates. Here are the results.
I am still waiting to hear if it is ok to reconnect the LAN cable to my pc.
Let me know if you'd like me to reconnect the LAN cable and then to
download aswMBR directly to the desktop, then to click on the YES button to update definitions and run it again.


Results follow:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 07:00:54
-----------------------------
07:00:54.906 OS Version: Windows 5.1.2600 Service Pack 3
07:00:54.906 Number of processors: 2 586 0x170A
07:00:54.906 ComputerName: OWNER-1EFEC9199 UserName: Owner
07:00:55.421 Initialize success
07:01:02.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
07:01:02.656 Disk 0 Vendor: WDC_WD2500AAKS-22VSA0 01.01B01 Size: 238475MB BusType: 3
07:01:02.687 Disk 0 MBR read successfully
07:01:02.687 Disk 0 MBR scan
07:01:02.687 Disk 0 Windows XP default MBR code
07:01:02.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
07:01:02.687 Disk 0 scanning sectors +488376000
07:01:02.734 Disk 0 scanning C:\WINDOWS\system32\drivers
07:01:07.343 Service scanning
07:01:16.593 Modules scanning
07:01:18.906 Disk 0 trace - called modules:
07:01:18.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:01:18.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3abab8]
07:01:18.921 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8b3b2f18]
07:01:18.921 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b3add98]
07:01:18.921 Scan finished successfully
07:04:19.250 Disk 0 MBR has been saved successfully to "J:\Reports from Desktop Computer September 2012\New Folder\MBR.dat"
07:04:19.250 The log file has been saved successfully to "J:\Reports from Desktop Computer September 2012\New Folder\aswMBR.txt"



etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by Dr Jay on Wed Sep 12, 2012 5:27 pm

Okie dokie. All clean! Smile

Do this, and we'll be done:

AdwCleaner Fix

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Thu Sep 13, 2012 2:29 am

# AdwCleaner v2.000 - Logfile created 09/12/2012 at 18:53:22
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-1EFEC9199
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program FilesC:\Program Files\Software
Deleted on reboot : C:\Program FilesC:\Program Files\Software
Folder Deleted : C:\Documents and Settings\Owner\Application Data\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\18uaxcra.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\duw4v4k6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1576 octets] - [02/09/2012 14:40:28]
AdwCleaner[R2].txt - [1636 octets] - [11/09/2012 05:26:26]
AdwCleaner[S1].txt - [1887 octets] - [12/09/2012 18:53:22]

########## EOF - C:\AdwCleaner[S1].txt - [1947 octets] ##########

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Thu Sep 13, 2012 4:10 am

What about the files that MBAM has identified?
C:\RECYCLER, for example???
HKCR\CLSID....?

Can I empty AVG Virus Vault?
Currently holding 2 Malware, 1 corrupted Skype exe file, , an Unknown application/data exe, and 2 trojans.

And what about the things RK has quarantined?
SHALL I DELETE THEM?
Or, is there a reason for keeping launchpad.exe.vir???


etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Thu Sep 13, 2012 7:33 am

One more question...
when I open Windows Security Center,
Security Essentials will not open and I cannot
view firewall settings when I click on it.

Is that virus related or a registry problem caused
by ccleaner?

And, when connected to the internet, IE wasn't able to check updates...and I know there is a new update.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by Dr Jay on Thu Sep 13, 2012 10:26 am

What c:\RECYCLER?

Yes, you can empty the quarantine and virus vault.

Please list all problems and error messages.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Thu Sep 13, 2012 1:50 pm

Recycler is listed as a zero access file.
Everything mbam shows is labelled either zeroaccess trojan or 0access file.

Windows does not allow the security center to start.
When I open it manually, security essentials are not available.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Thu Sep 13, 2012 2:10 pm

Due to an unidentified problem, Windows cannot display firewall settings.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Thu Sep 13, 2012 2:27 pm

I cannot connect to the internet as an administrator.
I have limited connectivity.
I can connect to the internet as a guest.
I cannot update Windows with the new service pack.

AVG Resident Shield shows Trojan horse Backdoor.Generic15.BYSQ in C:\Program Files\Malwarebytes Anti Malware\mbam.exe

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Thu Sep 13, 2012 2:28 pm

That was found on 9/9. I don't know how Resident Shield works. The file is C:\system volume information\_restore ().ini

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by Dr Jay on Fri Sep 14, 2012 10:16 am

I wouldn't doubt the possibility that you keep reinfecting the computer.

Please delete the old copy of TDSSKiller, download a new copy, run a scan, and post a new log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Fri Sep 14, 2012 2:24 pm

Be aware that we still have all of the old system restore points on this pc.

We have not yet reconnected to the internet to run
ESET as we did with the Acer netbook.

Here is the TDSS log:
07:10:01.0703 2544 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
07:10:01.0718 2544 ============================================================
07:10:01.0718 2544 Current date / time: 2012/09/14 07:10:01.0718
07:10:01.0718 2544 SystemInfo:
07:10:01.0718 2544
07:10:01.0718 2544 OS Version: 5.1.2600 ServicePack: 3.0
07:10:01.0718 2544 Product type: Workstation
07:10:01.0718 2544 ComputerName: OWNER-1EFEC9199
07:10:01.0718 2544 UserName: Owner
07:10:01.0718 2544 Windows directory: C:\WINDOWS
07:10:01.0718 2544 System windows directory: C:\WINDOWS
07:10:01.0718 2544 Processor architecture: Intel x86
07:10:01.0718 2544 Number of processors: 2
07:10:01.0718 2544 Page size: 0x1000
07:10:01.0718 2544 Boot type: Normal boot
07:10:01.0718 2544 ============================================================
07:10:02.0984 2544 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:10:03.0000 2544 ============================================================
07:10:03.0000 2544 \Device\Harddisk0\DR0:
07:10:03.0000 2544 MBR partitions:
07:10:03.0000 2544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
07:10:03.0000 2544 ============================================================
07:10:03.0031 2544 C: <-> \Device\Harddisk0\DR0\Partition1
07:10:03.0031 2544 ============================================================
07:10:03.0031 2544 Initialize success
07:10:03.0031 2544 ============================================================
07:10:33.0203 4044 ============================================================
07:10:33.0203 4044 Scan started
07:10:33.0203 4044 Mode: Manual; SigCheck; TDLFS;
07:10:33.0203 4044 ============================================================
07:10:33.0328 4044 ================ Scan system memory ========================
07:10:33.0328 4044 System memory - ok
07:10:33.0328 4044 ================ Scan services =============================
07:10:33.0468 4044 Abiosdsk - ok
07:10:33.0468 4044 abp480n5 - ok
07:10:33.0593 4044 [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:10:33.0671 4044 ACDaemon - ok
07:10:33.0703 4044 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:10:33.0859 4044 ACPI - ok
07:10:33.0890 4044 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
07:10:33.0984 4044 ACPIEC - ok
07:10:34.0078 4044 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:10:34.0078 4044 AdobeFlashPlayerUpdateSvc - ok
07:10:34.0093 4044 adpu160m - ok
07:10:34.0093 4044 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
07:10:34.0156 4044 aec - ok
07:10:34.0187 4044 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINDOWS\system32\drivers\Afc.sys
07:10:34.0187 4044 Afc - ok
07:10:34.0250 4044 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
07:10:34.0359 4044 AFD - ok
07:10:34.0375 4044 Aha154x - ok
07:10:34.0375 4044 aic78u2 - ok
07:10:34.0375 4044 aic78xx - ok
07:10:34.0390 4044 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
07:10:34.0484 4044 Alerter - ok
07:10:34.0500 4044 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
07:10:34.0546 4044 ALG - ok
07:10:34.0546 4044 AliIde - ok
07:10:34.0546 4044 amsint - ok
07:10:34.0546 4044 AppMgmt - ok
07:10:34.0562 4044 [ 35A6A419D7526F5CF824AFB23AFA08D6 ] ArcSoftKsUFilter C:\WINDOWS\system32\DRIVERS\ArcSoftKsUFilter.sys
07:10:34.0562 4044 ArcSoftKsUFilter - ok
07:10:34.0562 4044 asc - ok
07:10:34.0578 4044 asc3350p - ok
07:10:34.0578 4044 asc3550 - ok
07:10:34.0671 4044 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:10:34.0687 4044 aspnet_state - ok
07:10:34.0718 4044 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:10:34.0781 4044 AsyncMac - ok
07:10:34.0812 4044 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
07:10:34.0875 4044 atapi - ok
07:10:34.0875 4044 Atdisk - ok
07:10:34.0875 4044 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:10:34.0937 4044 Atmarpc - ok
07:10:34.0968 4044 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
07:10:35.0046 4044 AudioSrv - ok
07:10:35.0062 4044 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
07:10:35.0125 4044 audstub - ok
07:10:35.0593 4044 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
07:10:35.0750 4044 AVGIDSAgent - ok
07:10:35.0781 4044 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
07:10:35.0796 4044 AVGIDSDriver - ok
07:10:35.0828 4044 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
07:10:35.0828 4044 AVGIDSFilter - ok
07:10:35.0859 4044 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
07:10:35.0859 4044 AVGIDSHX - ok
07:10:35.0890 4044 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
07:10:35.0906 4044 AVGIDSShim - ok
07:10:35.0921 4044 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
07:10:35.0937 4044 Avgldx86 - ok
07:10:35.0953 4044 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
07:10:35.0968 4044 Avgmfx86 - ok
07:10:35.0968 4044 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
07:10:35.0984 4044 Avgrkx86 - ok
07:10:36.0015 4044 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
07:10:36.0031 4044 Avgtdix - ok
07:10:36.0078 4044 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
07:10:36.0093 4044 avgwd - ok
07:10:36.0140 4044 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:10:36.0203 4044 Beep - ok
07:10:36.0265 4044 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
07:10:36.0328 4044 Browser - ok
07:10:36.0343 4044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:10:36.0437 4044 cbidf2k - ok
07:10:36.0468 4044 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:10:36.0562 4044 CCDECODE - ok
07:10:36.0562 4044 cd20xrnt - ok
07:10:36.0609 4044 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:10:36.0687 4044 Cdaudio - ok
07:10:36.0703 4044 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:10:36.0765 4044 Cdfs - ok
07:10:36.0796 4044 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:10:36.0859 4044 Cdrom - ok
07:10:36.0859 4044 Changer - ok
07:10:36.0890 4044 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:10:36.0953 4044 CiSvc - ok
07:10:36.0968 4044 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:10:37.0031 4044 ClipSrv - ok
07:10:37.0062 4044 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:10:37.0062 4044 clr_optimization_v2.0.50727_32 - ok
07:10:37.0125 4044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:10:37.0140 4044 clr_optimization_v4.0.30319_32 - ok
07:10:37.0140 4044 CmdIde - ok
07:10:37.0140 4044 COMSysApp - ok
07:10:37.0140 4044 Cpqarray - ok
07:10:37.0203 4044 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:10:37.0265 4044 CryptSvc - ok
07:10:37.0281 4044 dac2w2k - ok
07:10:37.0281 4044 dac960nt - ok
07:10:37.0343 4044 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:10:37.0421 4044 DcomLaunch - ok
07:10:37.0484 4044 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:10:37.0562 4044 Dhcp - ok
07:10:37.0562 4044 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:10:37.0625 4044 Disk - ok
07:10:37.0625 4044 dmadmin - ok
07:10:37.0671 4044 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:10:37.0796 4044 dmboot - ok
07:10:37.0828 4044 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:10:37.0921 4044 dmio - ok
07:10:37.0953 4044 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:10:38.0015 4044 dmload - ok
07:10:38.0031 4044 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:10:38.0093 4044 dmserver - ok
07:10:38.0140 4044 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:10:38.0203 4044 DMusic - ok
07:10:38.0250 4044 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:10:38.0359 4044 Dnscache - ok
07:10:38.0375 4044 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:10:38.0437 4044 Dot3svc - ok
07:10:38.0437 4044 dpti2o - ok
07:10:38.0437 4044 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:10:38.0531 4044 drmkaud - ok
07:10:38.0562 4044 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:10:38.0625 4044 EapHost - ok
07:10:38.0656 4044 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:10:38.0718 4044 ERSvc - ok
07:10:38.0781 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
07:10:38.0796 4044 Eventlog - ok
07:10:38.0859 4044 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
07:10:38.0906 4044 EventSystem - ok
07:10:38.0906 4044 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:10:39.0000 4044 Fastfat - ok
07:10:39.0046 4044 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:10:39.0093 4044 FastUserSwitchingCompatibility - ok
07:10:39.0125 4044 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
07:10:39.0187 4044 Fdc - ok
07:10:39.0203 4044 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:10:39.0265 4044 Fips - ok
07:10:39.0281 4044 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:10:39.0328 4044 Flpydisk - ok
07:10:39.0375 4044 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:10:39.0437 4044 FltMgr - ok
07:10:39.0468 4044 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:10:39.0468 4044 FontCache3.0.0.0 - ok
07:10:39.0484 4044 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:10:39.0562 4044 Fs_Rec - ok
07:10:39.0578 4044 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:10:39.0640 4044 Ftdisk - ok
07:10:39.0687 4044 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:10:39.0750 4044 Gpc - ok
07:10:39.0875 4044 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:10:39.0875 4044 gupdate - ok
07:10:39.0890 4044 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:10:39.0890 4044 gupdatem - ok
07:10:39.0937 4044 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:10:39.0937 4044 gusvc - ok
07:10:39.0968 4044 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:10:40.0031 4044 HDAudBus - ok
07:10:40.0093 4044 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:10:40.0156 4044 helpsvc - ok
07:10:40.0156 4044 HidServ - ok
07:10:40.0187 4044 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:10:40.0250 4044 HidUsb - ok
07:10:40.0265 4044 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:10:40.0328 4044 hkmsvc - ok
07:10:40.0343 4044 hpn - ok
07:10:40.0375 4044 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:10:40.0421 4044 HTTP - ok
07:10:40.0453 4044 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:10:40.0546 4044 HTTPFilter - ok
07:10:40.0546 4044 i2omgmt - ok
07:10:40.0546 4044 i2omp - ok
07:10:40.0562 4044 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:10:40.0640 4044 i8042prt - ok
07:10:40.0812 4044 [ CD32607F1CC8AC67224334AE123F7B98 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:10:41.0109 4044 ialm - ok
07:10:41.0156 4044 [ 16E441DC4DAF703FB0B0FE474830FF53 ] IcRecUsb C:\WINDOWS\system32\Drivers\IcRecUsb.sys
07:10:41.0203 4044 IcRecUsb - ok
07:10:41.0281 4044 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
07:10:41.0296 4044 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:10:41.0296 4044 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:10:41.0359 4044 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:10:41.0390 4044 idsvc - ok
07:10:41.0390 4044 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:10:41.0453 4044 Imapi - ok
07:10:41.0500 4044 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:10:41.0578 4044 ImapiService - ok
07:10:41.0578 4044 ini910u - ok
07:10:41.0578 4044 IntelIde - ok
07:10:41.0593 4044 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:10:41.0656 4044 intelppm - ok
07:10:41.0750 4044 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
07:10:41.0750 4044 IntuitUpdateService - ok
07:10:41.0812 4044 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
07:10:41.0828 4044 IntuitUpdateServiceV4 - ok
07:10:41.0859 4044 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:10:41.0937 4044 Ip6Fw - ok
07:10:41.0968 4044 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:10:42.0031 4044 IpFilterDriver - ok
07:10:42.0046 4044 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:10:42.0140 4044 IpInIp - ok
07:10:42.0156 4044 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:10:42.0218 4044 IpNat - ok
07:10:42.0281 4044 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:10:42.0343 4044 IPSec - ok
07:10:42.0390 4044 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:10:42.0437 4044 IRENUM - ok
07:10:42.0500 4044 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:10:42.0562 4044 isapnp - ok
07:10:42.0640 4044 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
07:10:42.0640 4044 JavaQuickStarterService - ok
07:10:42.0671 4044 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:10:42.0734 4044 Kbdclass - ok
07:10:42.0765 4044 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:10:42.0828 4044 kmixer - ok
07:10:42.0859 4044 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:10:42.0953 4044 KSecDD - ok
07:10:42.0984 4044 [ 93E64BAB9DEE162CA0CA5258D132A047 ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
07:10:43.0031 4044 L1e - ok
07:10:43.0062 4044 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
07:10:43.0109 4044 LanmanServer - ok
07:10:43.0140 4044 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:10:43.0203 4044 lanmanworkstation - ok
07:10:43.0203 4044 lbrtfdc - ok
07:10:43.0281 4044 [ 31D8B705DCD5F2366186E731F87C7A71 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:10:43.0296 4044 LightScribeService - ok
07:10:43.0343 4044 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:10:43.0421 4044 LmHosts - ok
07:10:43.0453 4044 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:10:43.0515 4044 Messenger - ok
07:10:43.0562 4044 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:10:43.0625 4044 mnmdd - ok
07:10:43.0640 4044 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:10:43.0703 4044 mnmsrvc - ok
07:10:43.0734 4044 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:10:43.0796 4044 Modem - ok
07:10:43.0859 4044 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
07:10:44.0000 4044 monfilt - ok
07:10:44.0046 4044 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:10:44.0125 4044 Mouclass - ok
07:10:44.0125 4044 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:10:44.0203 4044 mouhid - ok
07:10:44.0250 4044 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:10:44.0328 4044 MountMgr - ok
07:10:44.0375 4044 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:10:44.0390 4044 MozillaMaintenance - ok
07:10:44.0390 4044 mraid35x - ok
07:10:44.0390 4044 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:10:44.0453 4044 MRxDAV - ok
07:10:44.0500 4044 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:10:44.0546 4044 MRxSmb - ok
07:10:44.0562 4044 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:10:44.0625 4044 MSDTC - ok
07:10:44.0640 4044 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:10:44.0703 4044 Msfs - ok
07:10:44.0703 4044 MSIServer - ok
07:10:44.0703 4044 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:10:44.0765 4044 MSKSSRV - ok
07:10:44.0781 4044 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:10:44.0843 4044 MSPCLOCK - ok
07:10:44.0843 4044 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:10:44.0906 4044 MSPQM - ok
07:10:44.0937 4044 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:10:45.0000 4044 mssmbios - ok
07:10:45.0031 4044 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
07:10:45.0093 4044 MSTEE - ok
07:10:45.0140 4044 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
07:10:45.0171 4044 MTsensor - ok
07:10:45.0203 4044 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:10:45.0234 4044 Mup - ok
07:10:45.0265 4044 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:10:45.0359 4044 NABTSFEC - ok
07:10:45.0390 4044 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:10:45.0468 4044 napagent - ok
07:10:45.0500 4044 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:10:45.0562 4044 NDIS - ok
07:10:45.0593 4044 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:10:45.0656 4044 NdisIP - ok
07:10:45.0703 4044 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:10:45.0750 4044 NdisTapi - ok
07:10:45.0781 4044 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:10:45.0843 4044 Ndisuio - ok
07:10:45.0843 4044 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:10:45.0921 4044 NdisWan - ok
07:10:45.0953 4044 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:10:46.0015 4044 NDProxy - ok
07:10:46.0031 4044 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:10:46.0078 4044 NetBIOS - ok
07:10:46.0109 4044 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:10:46.0171 4044 NetBT - ok
07:10:46.0218 4044 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
07:10:46.0312 4044 NetDDE - ok
07:10:46.0312 4044 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:10:46.0375 4044 NetDDEdsdm - ok
07:10:46.0437 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:10:46.0500 4044 Netlogon - ok
07:10:46.0515 4044 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
07:10:46.0578 4044 Netman - ok
07:10:46.0625 4044 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:10:46.0625 4044 NetTcpPortSharing - ok
07:10:46.0671 4044 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
07:10:46.0687 4044 Nla - ok
07:10:46.0812 4044 [ DBB5F7B1A4F109CD7A1ABD3AC7A10D39 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
07:10:46.0828 4044 NMIndexingService - ok
07:10:46.0828 4044 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:10:46.0890 4044 Npfs - ok
07:10:46.0937 4044 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:10:47.0000 4044 Ntfs - ok
07:10:47.0000 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:10:47.0062 4044 NtLmSsp - ok
07:10:47.0093 4044 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:10:47.0156 4044 NtmsSvc - ok
07:10:47.0187 4044 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
07:10:47.0250 4044 Null - ok
07:10:47.0296 4044 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:10:47.0359 4044 NwlnkFlt - ok
07:10:47.0359 4044 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:10:47.0421 4044 NwlnkFwd - ok
07:10:47.0500 4044 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:10:47.0515 4044 ose - ok
07:10:47.0531 4044 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
07:10:47.0593 4044 Parport - ok
07:10:47.0609 4044 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:10:47.0656 4044 PartMgr - ok
07:10:47.0703 4044 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:10:47.0765 4044 ParVdm - ok
07:10:47.0828 4044 [ CC91E0E369DF4A052EBDD1EA86AF999B ] PcaSp50 C:\WINDOWS\system32\DRIVERS\PcaSp50.sys
07:10:47.0859 4044 PcaSp50 ( UnsignedFile.Multi.Generic ) - warning
07:10:47.0859 4044 PcaSp50 - detected UnsignedFile.Multi.Generic (1)
07:10:47.0875 4044 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:10:47.0937 4044 PCI - ok
07:10:47.0953 4044 PCIDump - ok
07:10:47.0953 4044 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:10:48.0015 4044 PCIIde - ok
07:10:48.0015 4044 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:10:48.0078 4044 Pcmcia - ok
07:10:48.0093 4044 PDCOMP - ok
07:10:48.0093 4044 PDFRAME - ok
07:10:48.0093 4044 PDRELI - ok
07:10:48.0093 4044 PDRFRAME - ok
07:10:48.0093 4044 perc2 - ok
07:10:48.0093 4044 perc2hib - ok
07:10:48.0125 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
07:10:48.0140 4044 PlugPlay - ok
07:10:48.0140 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:10:48.0203 4044 PolicyAgent - ok
07:10:48.0218 4044 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:10:48.0281 4044 PptpMiniport - ok
07:10:48.0281 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:10:48.0343 4044 ProtectedStorage - ok
07:10:48.0359 4044 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:10:48.0421 4044 PSched - ok
07:10:48.0421 4044 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:10:48.0484 4044 Ptilink - ok
07:10:48.0500 4044 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:10:48.0515 4044 PxHelp20 - ok
07:10:48.0546 4044 [ FDDD1AEB9F81EF1E6E48AE1EDC2A97D6 ] QCDonner C:\WINDOWS\system32\DRIVERS\OVCD.sys
07:10:48.0593 4044 QCDonner - ok
07:10:48.0609 4044 ql1080 - ok
07:10:48.0609 4044 Ql10wnt - ok
07:10:48.0609 4044 ql12160 - ok
07:10:48.0609 4044 ql1240 - ok
07:10:48.0609 4044 ql1280 - ok
07:10:48.0625 4044 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:10:48.0671 4044 RasAcd - ok
07:10:48.0718 4044 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:10:48.0781 4044 RasAuto - ok
07:10:48.0812 4044 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:10:48.0859 4044 Rasl2tp - ok
07:10:48.0890 4044 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:10:48.0953 4044 RasMan - ok
07:10:48.0953 4044 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:10:49.0015 4044 RasPppoe - ok
07:10:49.0015 4044 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:10:49.0078 4044 Raspti - ok
07:10:49.0125 4044 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:10:49.0187 4044 Rdbss - ok
07:10:49.0187 4044 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:10:49.0250 4044 RDPCDD - ok
07:10:49.0296 4044 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:10:49.0328 4044 RDPWD - ok
07:10:49.0343 4044 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:10:49.0406 4044 RDSessMgr - ok
07:10:49.0421 4044 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:10:49.0484 4044 redbook - ok
07:10:49.0515 4044 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:10:49.0578 4044 RemoteAccess - ok
07:10:49.0578 4044 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
07:10:49.0640 4044 RpcLocator - ok
07:10:49.0703 4044 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
07:10:49.0718 4044 RpcSs - ok
07:10:49.0781 4044 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:10:49.0843 4044 RSVP - ok
07:10:49.0843 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
07:10:49.0906 4044 SamSs - ok
07:10:49.0921 4044 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:10:50.0015 4044 SCardSvr - ok
07:10:50.0078 4044 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:10:50.0140 4044 Schedule - ok
07:10:50.0171 4044 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:10:50.0234 4044 Secdrv - ok
07:10:50.0281 4044 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:10:50.0343 4044 seclogon - ok
07:10:50.0359 4044 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
07:10:50.0437 4044 SENS - ok
07:10:50.0437 4044 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:10:50.0500 4044 serenum - ok
07:10:50.0500 4044 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:10:50.0562 4044 Serial - ok
07:10:50.0578 4044 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:10:50.0640 4044 Sfloppy - ok
07:10:50.0703 4044 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:10:50.0718 4044 ShellHWDetection - ok
07:10:50.0718 4044 Simbad - ok
07:10:50.0968 4044 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
07:10:51.0046 4044 Skype C2C Service - ok
07:10:51.0156 4044 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:10:51.0156 4044 SkypeUpdate - ok
07:10:51.0203 4044 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:10:51.0265 4044 SLIP - ok
07:10:51.0265 4044 Sparrow - ok
07:10:51.0296 4044 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:10:51.0375 4044 splitter - ok
07:10:51.0406 4044 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:10:51.0406 4044 Spooler - ok
07:10:51.0437 4044 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:10:51.0484 4044 sr - ok
07:10:51.0500 4044 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
07:10:51.0531 4044 srservice - ok
07:10:51.0546 4044 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:10:51.0625 4044 Srv - ok
07:10:51.0656 4044 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:10:51.0718 4044 SSDPSRV - ok
07:10:51.0750 4044 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:10:51.0828 4044 stisvc - ok
07:10:51.0828 4044 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:10:51.0906 4044 streamip - ok
07:10:51.0921 4044 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:10:52.0000 4044 swenum - ok
07:10:52.0000 4044 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:10:52.0062 4044 swmidi - ok
07:10:52.0062 4044 SwPrv - ok
07:10:52.0062 4044 symc810 - ok
07:10:52.0062 4044 symc8xx - ok
07:10:52.0078 4044 sym_hi - ok
07:10:52.0078 4044 sym_u3 - ok
07:10:52.0093 4044 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:10:52.0140 4044 sysaudio - ok
07:10:52.0171 4044 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:10:52.0265 4044 SysmonLog - ok
07:10:52.0296 4044 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:10:52.0359 4044 TapiSrv - ok
07:10:52.0406 4044 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:10:52.0437 4044 Tcpip - ok
07:10:52.0484 4044 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:10:52.0546 4044 TDPIPE - ok
07:10:52.0562 4044 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:10:52.0640 4044 TDTCP - ok
07:10:52.0703 4044 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:10:52.0781 4044 TermDD - ok
07:10:52.0828 4044 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
07:10:52.0890 4044 TermService - ok
07:10:52.0921 4044 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
07:10:52.0921 4044 Themes - ok
07:10:52.0937 4044 TosIde - ok
07:10:52.0984 4044 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:10:53.0046 4044 TrkWks - ok
07:10:53.0078 4044 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:10:53.0140 4044 Udfs - ok
07:10:53.0156 4044 ultra - ok
07:10:53.0171 4044 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:10:53.0234 4044 Update - ok
07:10:53.0281 4044 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:10:53.0328 4044 upnphost - ok
07:10:53.0359 4044 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
07:10:53.0421 4044 UPS - ok
07:10:53.0453 4044 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
07:10:53.0531 4044 usbaudio - ok
07:10:53.0578 4044 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:10:53.0640 4044 usbccgp - ok
07:10:53.0703 4044 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:10:53.0765 4044 usbehci - ok
07:10:53.0812 4044 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:10:53.0875 4044 usbhub - ok
07:10:53.0906 4044 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:10:54.0000 4044 usbscan - ok
07:10:54.0031 4044 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:10:54.0125 4044 USBSTOR - ok
07:10:54.0140 4044 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:10:54.0187 4044 usbuhci - ok
07:10:54.0218 4044 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
07:10:54.0281 4044 usbvideo - ok
07:10:54.0296 4044 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:10:54.0375 4044 VgaSave - ok
07:10:54.0437 4044 [ 51B24990850076F659D1D1DAEFBED6F1 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
07:10:54.0531 4044 VIAHdAudAddService - ok
07:10:54.0531 4044 ViaIde - ok
07:10:54.0546 4044 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:10:54.0609 4044 VolSnap - ok
07:10:54.0640 4044 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
07:10:54.0671 4044 VSS - ok
07:10:54.0734 4044 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
07:10:54.0781 4044 W32Time - ok
07:10:54.0828 4044 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:10:54.0890 4044 Wanarp - ok
07:10:54.0890 4044 WDICA - ok
07:10:54.0906 4044 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:10:54.0968 4044 wdmaud - ok
07:10:54.0984 4044 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:10:55.0046 4044 WebClient - ok
07:10:55.0156 4044 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:10:55.0218 4044 winmgmt - ok
07:10:55.0265 4044 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:10:55.0296 4044 WmdmPmSN - ok
07:10:55.0359 4044 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:10:55.0437 4044 WmiApSrv - ok
07:10:55.0546 4044 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:10:55.0578 4044 WMPNetworkSvc - ok
07:10:55.0703 4044 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:10:55.0734 4044 WPFFontCache_v0400 - ok
07:10:55.0765 4044 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:10:55.0843 4044 WSTCODEC - ok
07:10:55.0890 4044 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:10:55.0953 4044 WudfPf - ok
07:10:55.0953 4044 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:10:55.0968 4044 WudfRd - ok
07:10:55.0984 4044 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:10:56.0000 4044 WudfSvc - ok
07:10:56.0031 4044 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:10:56.0109 4044 WZCSVC - ok
07:10:56.0125 4044 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:10:56.0203 4044 xmlprov - ok
07:10:56.0203 4044 ================ Scan global ===============================
07:10:56.0265 4044 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:10:56.0328 4044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:10:56.0328 4044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:10:56.0343 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:10:56.0343 4044 [Global] - ok
07:10:56.0343 4044 ================ Scan MBR ==================================
07:10:56.0375 4044 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:10:56.0640 4044 \Device\Harddisk0\DR0 - ok
07:10:56.0640 4044 ================ Scan VBR ==================================
07:10:56.0640 4044 [ 0A2DC48A81E4668FF5F279776514A3EC ] \Device\Harddisk0\DR0\Partition1
07:10:56.0640 4044 \Device\Harddisk0\DR0\Partition1 - ok
07:10:56.0640 4044 ============================================================
07:10:56.0640 4044 Scan finished
07:10:56.0640 4044 ============================================================
07:10:56.0734 3140 Detected object count: 2
07:10:56.0734 3140 Actual detected object count: 2
07:11:49.0343 3140 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:11:49.0343 3140 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:11:49.0343 3140 PcaSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
07:11:49.0343 3140 PcaSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:13:17.0531 2276 Deinitialize success

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by Dr Jay on Fri Sep 14, 2012 5:27 pm

Okay. Clear a few things up here...

1. The Acer Netbook is fine now?

2. Are the same issues on this other computer you're showing me logs for now?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Sat Sep 15, 2012 1:48 am

The Acer netbook APPEARS to be fine. I am able to update and run AVG, Spybot,
and Malwarebytes. It let me update Windows to the new security pack.
I need to know which HOST files to download from the website you provided...I'm not sure if I need to
download more than one file from there.

I think the pc is still infected. It had more of a problem than the Acer did. I can't get in
to change firewall settings.
The logs I sent yesterday and today are from the pc,
which is still not connected to the internet.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Sat Sep 15, 2012 5:33 am

I had tried to start a new thread for the pc the other day, but it ended up in the trash incinerator.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Sat Sep 15, 2012 6:53 am

This is today's Security Check log for the pc:
Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG 2012
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.3.300.271
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Sat Sep 15, 2012 1:49 pm

At CMD /K SC QC WSCSVC, OpenService FAILED 1060 appears. The specified service does not exist as an installed service.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by Dr Jay on Sat Sep 15, 2012 6:30 pm

It is usual for us to only allow one topic per person at a time. Otherwise, it gets seriously confusing. Goofy

ComboFix

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:


  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Sun Sep 16, 2012 1:52 am

Thanks for your help, but as it's been 2 weeks since my pc got infected I couldn't keep working at it at that pace, so I took it to the shop that built it today.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by etrdave on Sun Sep 16, 2012 1:56 am

By the way...if someone posts asking whether or not they should be connected to the internet or should reconnect if they've disconnected, you really need to let them know. Just mho.

etrdave
Novice
Novice

Posts Posts : 40
Joined Joined : 2012-09-01
OS OS : xp home edition 2002 sp3
Points Points : 16125
# Likes # Likes : 0

View user profile

Back to top Go down

Re: OTL and Extra - pasted and attached

Post by Dr Jay on Sun Sep 16, 2012 10:00 am

Most of the time, when you have originally detected the malware issue, it means the computer is infected by malware of some sort. Antivirus scanners may not show a sign of the malware still being there, which could be a sign of a rootkit.

Whenever rootkit scanners, and antivirus software scan for the rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

So, the idea is, is when you post to a forum that you need help removing malware, it is best to stay with the helper, to ensure your computer is clean.

However, we all face issues helping our victims out. Because of being volunteers, we have to succumb to the demand of many victims of malware, not just one of two at a time.

For myself, I have a workrate of 30-40 victims per day that I assist. In that case, it is only best to keep things less confusing. Maintaining a level of professionalism is important on both sides of the spectrum, and we do our best to try to seek out the best answers.

All of the info posted is to help reveal malware entry points so we can find and target the malware. Sometimes logs cannot properly help diagnose the issue. Eventually, malware finds ways to get around our scanners.

If we did not use our scanners, and instead used third party products, we could not get enough info to make sure we can help to defeat the issue. So, these scanners are engineered by our staff, and corresponding staff to help bypass malware, and fully detect it.

Our wish would be that if you'd like help in the future, you would keep some of these principles in mind.

Since you have requested no more help, this topic is now closed.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum