
Computer keeps on calling IP 206.161.121.x


  • This topic is locked
24 replies to this topic

#1 embrun809


Posted 30 March 2012 - 08:34 PM

Hi. I was on your site about a week ago and followed a set of basic steps after a malware infection. I'm not able to find that particular document on your site anymore and the steps you have in your current welcome guide are different. In any case, here is the sequence that was suggested: 1) Malwarebytes Anti-Malware; 2) Unhide; 3) GMER; 4) DDS. Step 1 ran fine (log attached); step 2 as well; step 3 (GMER) didn't go 100%. It first showed a LoadDriver error message (cannot create stable subkey under volatile parent key) and then ran, but not with all the options you had indicated. It also did not create a log, but your site indicated that that would happen if GMER didn't pick anything up. I have tried running DDS, but it just seems to grind to a halt after seemingly making decent progress. I have since run Defogger, according to the instructions you have posted.

Malwarebytes originally managed to remove the primary infection, but at the moment it keeps on blocking outgoing calls to servers which include the following IP range: 206.161.121.X

I would be happy to get your suggestions as to how to proceed.
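The symptom in the post above (Malwarebytes repeatedly blocking outgoing connections to 206.161.121.x) becomes actionable once you know which process is making the connections and how many distinct hosts in that range it has tried. The script below is an added example, not code from the post or from Malwarebytes: it parses blocked-connection log lines, keeps only outgoing blocks into a given network, and groups them by process. The log lines are constructed, and the assumed field layout (tab-separated timestamp, computer, user, `IP-BLOCK`, destination and a parenthesised detail field naming the process) is an assumption about the Malwarebytes 1.x protection log; adjust `LINE_RE` to whatever your log actually contains.

```python
"""Aggregate blocked outbound connections by destination network and process.

Added example (not from the original post). The log lines below are
constructed to resemble a Malwarebytes 1.x protection log; the exact field
layout of that log is an assumption, so adjust LINE_RE for your source.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample: timestamp, computer, user, action, destination, details.
SAMPLE_LOG = """\
2012/03/30 20:40:09 -0400\tARGUS\tUser\tIP-BLOCK\t206.161.121.17 (Type: outgoing, Port: 80, Process: svchost.exe)
2012/03/30 20:40:12 -0400\tARGUS\tUser\tIP-BLOCK\t206.161.121.23 (Type: outgoing, Port: 80, Process: svchost.exe)
2012/03/30 20:41:30 -0400\tARGUS\tUser\tIP-BLOCK\t206.161.121.17 (Type: outgoing, Port: 443, Process: explorer.exe)
2012/03/30 20:45:02 -0400\tARGUS\tUser\tIP-BLOCK\t198.51.100.9 (Type: outgoing, Port: 80, Process: firefox.exe)
2012/03/30 20:46:10 -0400\tARGUS\tUser\tIP-BLOCK\t206.161.121.50 (Type: incoming, Port: 1337, Process: svchost.exe)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+)\t(?P<host>[^\t]+)\t(?P<user>[^\t]+)\tIP-BLOCK\t"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<proc>[^)]+)\)$"
)


def parse_blocks(text):
    """Return one dict per IP-BLOCK line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ip"] = ipaddress.ip_address(ev["ip"])
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def summarize(events, network, direction="outgoing"):
    """Count blocked connections into `network` per process, with the distinct
    destination hosts each process tried; other directions are ignored."""
    net = ipaddress.ip_network(network)
    by_proc = Counter()
    dests = defaultdict(set)
    for ev in events:
        if ev["dir"] != direction or ev["ip"] not in net:
            continue
        by_proc[ev["proc"]] += 1
        dests[ev["proc"]].add(str(ev["ip"]))
    return {p: {"count": n, "hosts": sorted(dests[p])} for p, n in by_proc.items()}


if __name__ == "__main__":
    evs = parse_blocks(SAMPLE_LOG)
    for proc, info in summarize(evs, "206.161.121.0/24").items():
        print(f"{proc}: {info['count']} blocked, hosts={info['hosts']}")
```

A process such as `svchost.exe` reaching several hosts in the same /24 over a short window is the pattern to look at first, because a legitimate service rarely cycles through neighbouring addresses; `explorer.exe` making outbound connections at all is likewise worth explaining. The incoming entry in the sample is excluded on purpose, since the post is about outgoing calls.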

#2 HelpBot


Posted 05 April 2012 - 08:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448245 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

  • Malware Response Team

Posted 09 April 2012 - 01:42 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#4 embrun809


Posted 10 April 2012 - 10:48 PM

Hi Gringo. Thanks for taking the time to look into this. Below is the text from the OTL log you asked for. Other than MalwareBytes blocking outgoing IP calls, the only other thing that happens from time to time is that search results from Google sometimes seem to get hijacked. Instead of getting the link from Google, it launches a bunch of crap windows. It also seems that sometimes you have to click twice on a link to actually go there.

Dick

OTL logfile created on: 10/04/2012 11:26:23 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Dyana Preville\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1023.54 Mb Total Physical Memory | 181.64 Mb Available Physical Memory | 17.75% Memory free
2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.72% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 2.29 Gb Free Space | 6.16% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 46.50 Gb Free Space | 62.41% Space Free | Partition Type: NTFS

Computer Name: ARGUS-7218B99C5 | User Name: Dyana Preville | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dyana Preville\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFDA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe ()
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe ()
MOD - C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDInstallMgr.dll ()
MOD - C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBMsgRequestMgr.dll ()
MOD - C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBMsgMgrps.dll ()
MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-562591055-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-507921405-562591055-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-507921405-562591055-725345543-1003\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80152&lng=en
IE - HKU\S-1-5-21-507921405-562591055-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-562591055-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.139
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Dyana Preville\Application Data\Mozilla\Firefox\Profiles\yjufd26m.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 00:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 11:33:04 | 000,000,000 | ---D | M]

[2010/10/31 13:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dyana Preville\Application Data\Mozilla\Extensions
[2012/04/01 22:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dyana Preville\Application Data\Mozilla\Firefox\Profiles\yjufd26m.default\extensions
[2012/01/08 12:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/17 00:01:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 12:27:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 12:27:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-507921405-562591055-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-507921405-562591055-725345543-1003..\Run: [EPSON NX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-507921405-562591055-725345543-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-562591055-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-507921405-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-562591055-725345543-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-562591055-725345543-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-562591055-725345543-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-562591055-725345543-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287630108390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B8C2C0-E3D1-4167-A2D0-75C81F1E664B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B8C2C0-E3D1-4167-A2D0-75C81F1E664B}: NameServer = 205.151.222.251,206.167.80.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/20 22:31:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 23:20:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dyana Preville\Desktop\OTL.exe
[2012/04/07 13:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\Help
[2012/04/07 13:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dyana Preville\Application Data\Help
[2012/04/01 21:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Chat Republic Games
[2012/04/01 21:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2012/04/01 21:12:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/30 21:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dyana Preville\Desktop\gmer
[2012/03/22 18:40:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dyana Preville\Start Menu\Programs\Administrative Tools
[2012/03/20 23:42:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dyana Preville\Recent
[2012/03/20 23:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dyana Preville\Application Data\Malwarebytes
[2012/03/20 23:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/20 23:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/20 23:00:36 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/20 23:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/20 22:57:17 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dyana Preville\Desktop\mbam--setup-1.60.1.1000.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 23:32:05 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-562591055-725345543-1003Core.job
[2012/04/10 23:32:04 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-562591055-725345543-1003UA.job
[2012/04/10 23:20:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dyana Preville\Desktop\OTL.exe
[2012/04/10 21:18:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/10 19:02:03 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\My Documents\Default.rdp
[2012/04/10 15:41:55 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/10 15:41:54 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Desktop\Google Chrome.lnk
[2012/04/10 09:53:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/10 09:47:54 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/10 09:47:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/10 09:47:17 | 1073,324,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 19:27:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/01 21:19:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/04/01 21:04:42 | 000,181,923 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\census.cache
[2012/04/01 21:04:29 | 000,178,242 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\ars.cache
[2012/04/01 20:51:10 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\housecall.guid.cache
[2012/03/30 21:20:44 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Desktop\gmer.zip
[2012/03/30 19:15:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\defogger_reenable
[2012/03/30 19:13:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Desktop\Defogger.exe
[2012/03/29 00:01:19 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/24 21:28:55 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/20 23:01:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/20 22:57:17 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dyana Preville\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/20 22:48:20 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6g1hFnj5utlCtZ
[2012/03/20 22:46:40 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6g1hFnj5utlCtZ
[2012/03/20 22:46:40 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6g1hFnj5utlCtZr
[2012/03/20 15:16:45 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/20 15:16:45 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Desktop\System Check.lnk
[2012/03/15 08:26:34 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 01:02:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 21:04:42 | 000,181,923 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\census.cache
[2012/04/01 21:04:29 | 000,178,242 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\ars.cache
[2012/04/01 20:51:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\housecall.guid.cache
[2012/03/30 21:22:10 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Desktop\gmer.zip
[2012/03/30 19:15:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\defogger_reenable
[2012/03/30 19:13:14 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Desktop\Defogger.exe
[2012/03/26 22:26:49 | 1073,324,032 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/24 21:28:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/21 20:52:20 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/21 20:52:20 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2012/03/21 20:52:20 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zoo Tycoon Expanded.lnk
[2012/03/21 20:52:20 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk
[2012/03/21 20:52:20 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks.lnk
[2012/03/21 20:52:20 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken 2011.lnk
[2012/03/21 20:52:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/21 20:52:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/21 20:52:20 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/21 20:52:20 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2012/03/21 20:52:20 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/21 20:52:20 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WolfQuest 2 Release Notes.lnk
[2012/03/21 20:52:20 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WolfQuest 2 Manual.lnk
[2012/03/21 20:52:20 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WolfQuest Website.lnk
[2012/03/21 20:52:20 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/21 20:52:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WolfQuest Survival of the Pack.lnk
[2012/03/21 20:52:20 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WolfQuest 2 Help.lnk
[2012/03/21 20:52:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/21 20:52:19 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/03/21 20:52:19 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/03/21 20:52:19 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/03/21 20:52:19 | 000,001,978 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2012/03/21 20:52:19 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
[2012/03/21 20:52:19 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/21 20:52:19 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/03/21 20:52:19 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/21 20:52:19 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/03/21 20:52:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/21 20:52:19 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/21 20:52:19 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/03/21 20:52:18 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/03/21 20:52:17 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/21 20:52:17 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/21 20:52:17 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 5.0.lnk
[2012/03/21 20:52:17 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 5.0.lnk
[2012/03/20 23:01:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/20 15:16:47 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6g1hFnj5utlCtZ
[2012/03/20 15:16:47 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6g1hFnj5utlCtZr
[2012/03/20 15:16:45 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/20 15:16:45 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Desktop\System Check.lnk
[2012/03/20 15:16:39 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6g1hFnj5utlCtZ
[2012/02/15 09:53:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/02 09:11:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/09/01 16:03:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/09/01 16:03:03 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/09/01 16:03:03 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/09/01 16:03:03 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/09/01 16:03:03 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/09/01 16:03:03 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/09/01 16:03:03 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/09/01 16:03:03 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/09/01 16:03:03 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/09/01 16:03:03 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/09/01 16:03:03 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/09/01 16:03:03 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/09/01 16:03:03 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/09/01 16:03:03 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/09/01 16:03:03 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/09/01 16:03:03 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/09/01 15:59:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2011/03/03 16:36:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2011/03/03 16:28:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011/03/03 16:26:17 | 000,000,819 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2011/03/03 16:21:47 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2011/03/03 16:21:47 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2011/03/03 16:21:47 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2011/03/03 16:21:47 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2011/03/03 16:21:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2011/03/03 16:19:42 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2011/02/02 20:09:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Dyana Preville\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 14:05:22 | 000,053,948 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/16 21:17:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010/11/17 01:18:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/11/17 01:17:43 | 000,000,187 | ---- | C] () -- C:\WINDOWS\WinHelp.ini
[2010/11/17 00:00:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/31 13:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/26 21:44:21 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/10/26 21:44:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2010/10/23 14:42:43 | 000,000,188 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/10/23 02:09:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/20 22:34:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/20 22:27:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/20 15:17:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/20 15:15:06 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >
[2010/10/23 13:43:36 | 000,000,272 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\desktop.ini
[2010/10/20 23:01:53 | 000,001,566 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
[2010/10/23 02:07:55 | 000,001,992 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
[2011/09/14 22:37:46 | 000,002,443 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
[2010/10/23 13:43:35 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2010/10/20 22:31:28 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2010/10/20 22:31:28 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2011/03/03 16:37:21 | 000,001,794 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Acrobat Distiller 5.0.lnk
[2011/03/03 16:37:21 | 000,000,888 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Acrobat 5.0.lnk
[2012/01/15 11:33:05 | 000,002,347 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader X.lnk
[2011/10/27 17:22:34 | 000,002,265 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2010/10/20 22:29:41 | 000,000,150 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
[2011/02/24 00:23:39 | 000,002,487 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Excel.lnk
[2011/12/12 01:11:19 | 000,002,513 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Outlook.lnk
[2010/10/23 02:07:56 | 000,001,978 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Publisher.lnk
[2011/08/02 09:25:42 | 000,001,680 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Security Essentials.lnk
[2012/03/15 14:16:11 | 000,002,489 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Word.lnk
[2011/03/24 10:30:15 | 000,000,730 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
[2012/03/13 22:59:35 | 000,002,193 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Safari.lnk
[2010/10/20 22:28:00 | 000,000,609 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2010/10/20 22:29:41 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2010/11/06 12:55:01 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2011/09/01 16:09:08 | 000,000,255 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2011/08/23 12:20:22 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2011/03/09 19:07:27 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2011/09/01 16:09:08 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2010/10/20 22:27:59 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2010/10/20 22:28:00 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2010/10/20 22:28:00 | 000,000,090 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2010/10/23 13:45:04 | 000,000,516 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2010/10/20 22:28:00 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2010/10/20 22:24:43 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2010/10/20 22:29:31 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2010/10/20 22:24:43 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2010/10/23 13:45:04 | 000,001,656 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2010/10/20 22:28:00 | 000,000,146 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2010/10/20 22:28:00 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2011/02/16 18:13:32 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2010/10/20 22:31:28 | 000,001,599 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Activate Windows.lnk
[2010/10/20 22:31:28 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2010/10/20 22:27:59 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2010/10/20 22:31:28 | 000,000,757 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2010/10/20 22:29:37 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2010/10/20 22:29:34 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2010/10/20 22:57:04 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2010/10/20 22:29:37 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2010/10/20 22:29:34 | 000,001,070 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2010/10/20 22:29:36 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2010/10/20 22:27:40 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2010/10/20 22:31:28 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2010/10/20 22:31:28 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2010/10/20 22:31:28 | 000,000,545 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2010/10/20 22:31:28 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2010/10/20 22:31:28 | 000,001,590 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2010/10/20 22:31:28 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2010/10/20 22:31:28 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2010/12/16 21:17:17 | 000,000,505 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord ReadMe.lnk
[2010/12/16 21:17:18 | 000,000,725 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord unInstall.lnk
[2010/12/16 21:17:17 | 000,000,828 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon PhotoRecord\PhotoRecord.lnk
[2010/12/16 21:16:42 | 000,001,562 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow 4.0\CameraWindow Readme.lnk
[2010/12/16 21:16:42 | 000,002,019 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow 4.0\CameraWindow Uninstall.lnk
[2010/12/16 21:15:45 | 000,001,587 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.0\FileViewerUtility Readme.lnk
[2010/12/16 21:15:45 | 000,002,019 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.0\FileViewerUtility Uninstall.lnk
[2010/12/16 21:15:45 | 000,001,675 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\FileViewerUtility 1.0\FileViewerUtility.lnk
[2010/12/16 21:15:26 | 000,000,555 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch README.lnk
[2010/12/16 21:15:27 | 000,002,019 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
[2010/12/16 21:15:27 | 000,001,691 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
[2010/12/16 21:17:40 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PowerShot G3 WIA Driver\WIA Driver Readme.lnk
[2010/12/16 21:17:40 | 000,002,019 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\PowerShot G3 WIA Driver\WIA Driver Uninstall.lnk
[2010/12/16 21:16:05 | 000,001,567 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.6\RemoteCapture Readme.lnk
[2010/12/16 21:16:05 | 000,002,019 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.6\RemoteCapture Uninstall.lnk
[2010/12/16 21:16:05 | 000,001,668 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\RemoteCapture 2.6\RemoteCapture.lnk
[2010/12/16 21:16:16 | 000,001,946 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX README.lnk
[2010/12/16 21:16:16 | 000,001,908 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk
[2010/12/16 21:16:16 | 000,001,942 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
[2011/03/03 16:24:13 | 000,000,535 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON Scan to Web\Scan to Web.lnk
[2011/03/03 16:23:36 | 000,000,641 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON Scanner\EPSON Photo Print Uninstall.lnk
[2011/03/03 16:23:36 | 000,000,787 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON Scanner\EPSON Photo Print.lnk
[2011/03/03 16:24:34 | 000,000,729 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON Smart Panel\EPSON Smart Panel.lnk
[2011/03/03 16:24:34 | 000,000,717 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON Smart Panel\ReadMe.lnk
[2011/03/03 16:24:34 | 000,000,729 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON Smart Panel\Register.lnk
[2011/03/03 16:24:34 | 000,000,783 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON Smart Panel\Uninstall EPSON Smart Panel.lnk
[2011/03/03 16:24:34 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON Smart Panel\User Guide.lnk
[2011/09/01 16:02:07 | 000,001,750 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Epson Software\Event Manager.lnk
[2011/09/01 16:02:51 | 000,001,026 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON NX210 Series\Buy Ink.lnk
[2011/09/01 16:02:51 | 000,001,067 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON NX210 Series\Driver Update.lnk
[2011/09/01 16:02:51 | 000,000,968 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON NX210 Series\EPSON Printer Software Uninstall.lnk
[2011/09/01 16:02:51 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON NX210 Series\Online Support.lnk
[2011/09/01 16:00:28 | 000,000,676 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Scan\EPSON Scan Settings.lnk
[2011/09/01 16:00:28 | 000,000,683 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Scan\EPSON Scan.lnk
[2011/09/01 16:07:31 | 000,000,835 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON\NX210 Series Info Center\Epson NX210 Series Info Center.lnk
[2011/09/01 16:07:30 | 000,000,872 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\EPSON\NX210 Series Info Center\Uninstall Epson NX210 Series Info Center.lnk
[2010/10/20 22:28:00 | 000,000,798 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
[2010/10/20 22:28:00 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2010/10/20 22:28:00 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2010/10/20 22:28:00 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2010/10/20 22:28:00 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2010/10/20 22:28:00 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2010/10/20 22:28:00 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2010/10/20 22:28:00 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2011/01/26 21:18:03 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2010/10/20 22:28:00 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2011/01/22 15:32:21 | 000,001,491 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2011/01/22 15:38:45 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2011/10/27 17:20:40 | 000,001,814 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2011/10/27 17:20:40 | 000,001,554 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2011/09/02 10:17:39 | 000,001,737 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Play Zoo Tycoon Expanded.lnk
[2011/09/02 10:17:39 | 000,001,794 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Uninstall Zoo Tycoon Expanded .lnk
[2011/09/02 10:17:39 | 000,001,758 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Zoo Tycoon Expanded Readme.lnk
[2011/09/02 10:17:40 | 000,000,153 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Website Links\Register Zoo Tycoon Expanded Online.url
[2011/09/02 10:17:39 | 000,000,141 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Website Links\Zoo Tycoon Expanded Homepage.url
[2010/10/23 02:07:55 | 000,001,834 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Activate Product.lnk
[2010/10/23 02:07:55 | 000,001,988 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2010/10/23 02:07:55 | 000,001,876 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2010/10/23 02:07:55 | 000,002,138 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2010/10/23 02:07:55 | 000,002,090 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2010/10/23 02:07:55 | 000,001,902 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office XP Language Settings.lnk
[2010/10/23 02:07:56 | 000,001,908 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Save My Settings Wizard.lnk
[2012/02/23 17:28:04 | 000,001,984 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
[2010/11/17 01:17:44 | 000,001,644 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\QuickBooks\QuickBooks Help.lnk
[2010/11/17 01:17:44 | 000,001,675 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\QuickBooks\QuickBooks Online Manual.lnk
[2010/11/17 01:17:44 | 000,001,660 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\QuickBooks\QuickBooks.lnk
[2011/05/31 10:07:06 | 000,001,607 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Quicken 2011\Quicken 2011.lnk
[2011/10/28 00:53:46 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2011/10/28 00:53:46 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2011/10/28 00:53:46 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2011/10/28 00:53:46 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2012/01/23 17:23:31 | 000,002,495 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Rosetta Stone\Rosetta Stone Version 3\Rosetta Stone Version 3.lnk
[2011/01/18 19:01:13 | 000,000,868 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Rosetta Stone\Rosetta Stone Version 3\Visit www.RosettaStone.com.lnk
[2011/03/03 16:36:57 | 000,000,910 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\Acrobat Assistant.lnk
[2010/10/20 22:31:28 | 000,000,084 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
[2010/10/23 02:07:56 | 000,001,730 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\Microsoft Office.lnk
[2010/11/17 01:17:44 | 000,001,866 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
[2011/06/14 17:42:51 | 000,001,660 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Timez Attack Launcher\Report an Error.lnk
[2011/06/14 17:42:44 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Timez Attack Launcher\Timez Attack Launcher.lnk
[2011/06/14 17:42:42 | 000,001,672 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Timez Attack Launcher\Uninstall Timez Attack Launcher.lnk
[2012/01/15 12:49:31 | 000,002,565 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\Chessmaster 10th Edition\Chessmaster 10th Edition.lnk
[2011/12/26 16:09:00 | 000,000,052 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\Chessmaster 10th Edition\Chessmaster Web Site.url
[2012/01/04 15:34:03 | 000,002,497 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\Chessmaster 10th Edition\Game Settings.lnk
[2011/12/26 16:09:00 | 000,000,830 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\Chessmaster 10th Edition\ReadMe.lnk
[2011/12/26 16:08:58 | 000,001,966 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\Chessmaster 10th Edition\Register.lnk
[2011/12/26 16:08:59 | 000,001,177 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\Ubisoft\Chessmaster 10th Edition\Uninstall.lnk
[2011/02/13 16:33:42 | 000,000,708 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\WolfQuest\Play WolfQuest.lnk
[2011/02/13 16:33:42 | 000,001,645 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\1\Programs\WolfQuest\Uninstall WolfQuest.lnk
[2011/07/05 17:56:54 | 000,001,854 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\Apple Safari.lnk
[2010/10/20 22:39:32 | 000,000,119 | -HS- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\desktop.ini
[2012/03/12 23:33:59 | 000,002,329 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
[2010/10/20 23:19:44 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2011/07/27 17:15:45 | 000,000,792 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\Launch Microsoft Outlook.lnk
[2011/03/24 10:30:15 | 000,000,742 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2010/10/20 22:39:31 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2012/03/20 15:16:45 | 000,000,853 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\System Check.lnk
[2011/02/10 01:12:18 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2011/06/19 11:17:24 | 000,001,734 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\Adobe Reader X.lnk
[2011/09/01 16:07:31 | 000,000,817 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\Epson NX210 Series Info Center.lnk
[2011/09/01 16:00:28 | 000,000,665 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\EPSON Scan.lnk
[2011/10/27 17:20:40 | 000,001,542 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\iTunes.lnk
[2011/03/24 10:30:15 | 000,000,724 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
[2011/05/14 22:11:07 | 000,001,857 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\MSN Installer.lnk
[2010/11/17 01:17:49 | 000,001,578 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\QuickBooks.lnk
[2011/05/31 10:07:17 | 000,001,565 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\Quicken 2011.lnk
[2011/06/14 17:42:51 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\Timez Attack.lnk
[2011/02/13 16:33:42 | 000,000,667 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\WolfQuest 2 Help.lnk
[2011/02/13 16:33:42 | 000,000,741 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\WolfQuest 2 Manual.lnk
[2011/02/13 16:33:42 | 000,000,741 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\WolfQuest 2 Release Notes.lnk
[2011/02/13 16:33:42 | 000,000,696 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\WolfQuest Survival of the Pack.lnk
[2011/02/13 16:33:42 | 000,000,736 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\WolfQuest Website.lnk
[2011/09/02 10:17:38 | 000,001,719 | ---- | M] () -- C:\DOCUME~1\DYANAP~1\LOCALS~1\Temp\smtmp\4\Zoo Tycoon Expanded.lnk

< End of report >

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:26 PM

Posted 10 April 2012 - 10:55 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 12 April 2012 - 11:46 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr
Posted 13 April 2012 - 04:00 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#7 embrun809

embrun809
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 13 April 2012 - 02:10 PM

Hi Gringo. Sorry about the radio silence. I tried running Combofix like you suggested, but somewhere along the line I got re-infected by PUM again and it took me a while to resolve that. I was certain that I was disconnected from the Internet at the crucial times when I had to turn off anti-virus/anti-malware, but maybe I made a mistake. Anyway, I did the same thing I did last time and removed PUM.Hijack again using Malwarebytes. Then I ran your unhide utility to recover my file names. So far so good.

I have tried several times to run Combofix, but somewhere along the line it peters out. It runs fine for a while, but then it just locks up. I thought that maybe it ran out of memory space (my disk was pretty full), so I cleared some more disk space, but that didn't do much and Combofix still locks up.

In the meantime, I still have the issue that on Google searches, some process hijacks the search results.

At this point, I am considering just wiping the hard drive altogether to get rid of whatever it is. However, I'm open to trying a few other things first if you have suggestions.

Let me know. I appreciate your opinion.

Dick

#8 gringo_pr
Posted 13 April 2012 - 05:04 PM

Hello

At this point, I am considering just wiping the hard drive altogether to get rid of whatever it is

It is still early for that.


  • Push the Windows key + R (the Windows key is between the Ctrl and Alt buttons).
  • Please copy and paste the following into the box:
ComboFix /nombr
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

#9 embrun809
Posted 14 April 2012 - 10:28 AM

Thanks, Gringo. Running it with that modifier worked. The log file is posted below.

Dick


ComboFix 12-04-11.03 - Dyana Preville 14/04/2012 9:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.527 [GMT -4:00]
Running from: c:\documents and settings\Dyana Preville\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~6g1hFnj5utlCtZ
c:\documents and settings\All Users\Application Data\~6g1hFnj5utlCtZr
c:\documents and settings\All Users\Application Data\6g1hFnj5utlCtZ
c:\documents and settings\Dyana Preville\WINDOWS
c:\windows\system32\dllcache\dlimport.exe
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-13 03:22 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1075950B-FF14-4CDF-BF27-E733695572E3}\mpengine.dll
2012-04-13 01:00 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-07 17:20 . 2012-04-07 17:20 -------- d-----w- c:\documents and settings\Dyana Preville\Local Settings\Application Data\Help
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 01:50 . 2012-04-02 01:50 -------- d-----w- c:\program files\Chat Republic Games
2012-04-02 01:50 . 2012-04-02 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Chat Republic Games
2012-03-25 15:43 . 2012-03-25 15:43 -------- d-----w- c:\documents and settings\Administrator
2012-03-21 03:02 . 2012-03-21 03:02 -------- d-----w- c:\documents and settings\Dyana Preville\Application Data\Malwarebytes
2012-03-21 03:00 . 2012-03-21 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-21 03:00 . 2012-04-13 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 04:01 . 2012-03-17 04:01 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 04:01 . 2012-03-17 04:01 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2010-10-22 21:26 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-10-21 05:04 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-17 04:01 . 2012-02-12 16:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2011-3-3 82026]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks 2002 Delivery Agent.lnk - c:\program files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe [2010-11-17 311296]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dyana Preville^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=c:\documents and settings\Dyana Preville\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=c:\windows\pss\Epson all-in-one Registration.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/03/2012 11:00 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/04/2012 9:00 PM 22344]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-562591055-725345543-1003Core.job
- c:\documents and settings\Dyana Preville\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-24 05:44]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-562591055-725345543-1003UA.job
- c:\documents and settings\Dyana Preville\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-24 05:44]
.
2012-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{29B8C2C0-E3D1-4167-A2D0-75C81F1E664B}: NameServer = 205.151.222.251,206.167.80.3
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Dyana Preville\Application Data\Mozilla\Firefox\Profiles\yjufd26m.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-14 10:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-14 10:58:28
ComboFix-quarantined-files.txt 2012-04-14 14:58
.
Pre-Run: 5,307,904,000 bytes free
Post-Run: 7,500,939,264 bytes free
.
- - End Of File - - 98E5394B04B71C553FC35E7884C5E274

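The ComboFix log posted above is what a helper reads by hand: the "Reg Loading Points" section lists every autostart value with the file's date and size, and the Supplementary Scan lists the DNS resolvers each interface is using. As an added example (not part of the thread and not ComboFix's own code), the script below parses those two parts of a log and flags the entries a responder would look at first: autostarts launched from user-writable folders, autostarts with no file stamp, well-known system binary names running from outside system32, and resolvers that are not on an allow-list. SAMPLE_LOG is a constructed excerpt in ComboFix's line format (the "Updater" and "Loader" values and the 192.0.2.x/198.51.100.x resolvers are invented for illustration), and KNOWN_GOOD_RESOLVERS is an assumption you fill in with the resolvers the machine's network is supposed to hand out.

```python
"""Triage the 'Reg Loading Points' and NameServer lines of a ComboFix log.

Added example for this thread; not ComboFix's code. SAMPLE_LOG is a
constructed excerpt in ComboFix's line format, and KNOWN_GOOD_RESOLVERS is an
assumption the analyst replaces with the resolvers the network should use.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Updater"="c:\documents and settings\user\Local Settings\Temp\svchost.exe" [2012-04-01 45056]
"Loader"="c:\windows\system32\xk9a1.dll"
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
------- Supplementary Scan -------
.
TCP: Interfaces\{29B8C2C0-E3D1-4167-A2D0-75C81F1E664B}: NameServer = 192.0.2.53,198.51.100.53
TCP: DhcpNameServer = 192.0.2.53
"""

# Assumption: the resolvers this machine's ISP/router is expected to hand out.
KNOWN_GOOD_RESOLVERS: Set[str] = {"192.0.2.53"}

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]*)\]$")
# "Name"="path" [YYYY-M-D size]   (the stamp is optional)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\])?\s*$'
)
# TCP: Interfaces\{GUID}: NameServer = a,b   or   TCP: DhcpNameServer = a b
DNS_RE = re.compile(
    r"^TCP: (?:Interfaces\\\{[^}]+\}: )?(?:Dhcp)?NameServer = (?P<servers>[\d.,\s]+)$"
)
# Folders a limited user can write to on XP/Vista+; autostarts there deserve a look.
USER_WRITABLE = re.compile(
    r"\\(?:temp|application data|local settings|documents and settings|users|programdata)\\",
    re.I,
)
# Names that legitimately live only in system32; the same name elsewhere is a classic decoy.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe"}


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_loading_points(text: str) -> Tuple[List[AutostartEntry], List[str]]:
    """Return (autostart entries, DNS resolvers in first-seen order)."""
    entries: List[AutostartEntry] = []
    resolvers: List[str] = []
    key = ""
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            size = m.group("size")
            entries.append(AutostartEntry(key, m.group("name"), m.group("path"),
                                          m.group("date"), int(size) if size else None))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                if server and server not in resolvers:
                    resolvers.append(server)
    return entries, resolvers


def triage(entries: List[AutostartEntry], resolvers: List[str],
           known_good: Set[str]) -> Tuple[List[Tuple[AutostartEntry, List[str]]], List[str]]:
    """Return ([(entry, reasons)], resolvers not on the allow-list). Heuristics, not verdicts."""
    flagged = []
    for e in entries:
        reasons = []
        if USER_WRITABLE.search(e.path):
            reasons.append("autostart from a user-writable location")
        if e.date is None:
            reasons.append("no file stamp; confirm the file exists and what it is")
        base = e.path.rsplit("\\", 1)[-1].lower()
        if base in SYSTEM_BINARIES and "\\system32\\" not in e.path.lower():
            reasons.append(f"{base} running from outside system32")
        if reasons:
            flagged.append((e, reasons))
    rogue = [r for r in resolvers if r not in known_good]
    return flagged, rogue


if __name__ == "__main__":
    found, dns = parse_loading_points(SAMPLE_LOG)
    hits, unexpected = triage(found, dns, KNOWN_GOOD_RESOLVERS)
    for entry, why in hits:
        print(f"[{entry.key}]\n  {entry.name} -> {entry.path}\n    " + "\n    ".join(why))
    print("resolvers not on the allow-list:", unexpected)
```

A hit here is a reason to go and look at the file, not a verdict: plenty of legitimate updaters start from a profile folder. The resolver check matters because a changed DNS server is one of the ways search results get redirected; compare what the log shows against what the ISP or router should actually be handing out.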
#10 gringo_pr
Posted 14 April 2012 - 03:26 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; allow it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

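The TDSSKiller report this post asks for is a plain text log: each line is a time, a thread id and a message, and the messages include the physical disks with their size and sector size, each partition's type, StartLBA and BlocksNum, one line per driver/service with its MD5 and path, and one verdict line per object ("name - ok" when nothing was found). As an added example (not part of the thread and not Kaspersky's code), the script below parses that format and reports three things worth checking before anything else: every object whose verdict is anything other than "ok", the hash and path recorded for each driver, and the number of sectors past the end of the last partition on each disk, which is where TDL4-class bootkits keep their hidden file system. SAMPLE_REPORT is constructed: the two disk lines and their partitions reuse the geometry from the report later in this thread, while the "exampledrv" driver and its "detected" verdict are invented to show what a non-ok line does to the output.

```python
"""Summarise a TDSSKiller report.

Added example for this thread; not Kaspersky's code. It reads TDSSKiller's
line format (time, thread id, message) and reports non-"ok" verdicts, the
recorded driver hashes/paths, and the sectors past the last partition on each
disk. SAMPLE_REPORT is constructed: the disk geometry is copied from the
thread's report, the "exampledrv" lines are invented.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_REPORT = r"""
21:31:14.0109 3328 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
21:31:14.0453 3328
21:31:16.0875 3328 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:31:16.0906 3328 Drive \Device\Harddisk2\DR4 - Size: 0x1EC00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:31:16.0906 3328 \Device\Harddisk0\DR0:
21:31:16.0906 3328 MBR used
21:31:16.0906 3328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
21:31:16.0921 3328 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0xF5FE0
21:31:22.0609 3528 Scan started
21:31:23.0203 3528 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
21:31:23.0203 3528 ac97intc - ok
21:31:23.0015 3528 Abiosdsk - ok
21:31:24.0625 3528 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:31:24.0640 3528 Apple Mobile Device - ok
21:31:40.0000 3528 exampledrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\exampledrv.sys
21:31:40.0000 3528 exampledrv - detected Rootkit.Example ( constructed )
21:31:41.0000 3528 \Device\Harddisk0\DR0 - ok
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<body>.*)$")
DRIVE_RE = re.compile(
    r"^Drive (?P<dev>\\Device\\\S+) - Size: (?P<size>0x[0-9A-Fa-f]+) .*?SectorSize: (?P<sector>0x[0-9A-Fa-f]+)"
)
PART_RE = re.compile(
    r"^(?P<dev>\\Device\\\S+?)\\Partition\d+: \w+, Type (?P<type>0x[0-9A-Fa-f]+), "
    r"StartLBA (?P<lba>0x[0-9A-Fa-f]+), BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)"
)
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


class Report:
    def __init__(self) -> None:
        self.drives: Dict[str, Tuple[int, int]] = {}                  # dev -> (sectors, sector size)
        self.partitions: Dict[str, List[Tuple[int, int, int]]] = {}  # dev -> [(type, start, length)]
        self.files: Dict[str, Tuple[str, str]] = {}                   # object -> (md5, path)
        self.verdicts: Dict[str, str] = {}                            # object -> verdict text


def parse_report(text: str) -> Report:
    """Walk the log once; the order of the regex checks matters because a
    'Drive ... - Size:' line would otherwise look like a verdict line."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group("body")
        d = DRIVE_RE.match(body)
        if d:
            size, sector = int(d.group("size"), 16), int(d.group("sector"), 16)
            rep.drives[d.group("dev")] = (size // sector, sector)
            continue
        p = PART_RE.match(body)
        if p:
            rep.partitions.setdefault(p.group("dev"), []).append(
                (int(p.group("type"), 16), int(p.group("lba"), 16), int(p.group("blocks"), 16)))
            continue
        f = FILE_RE.match(body)
        if f:
            rep.files[f.group("name")] = (f.group("md5"), f.group("path"))
            continue
        v = VERDICT_RE.match(body)
        if v:
            rep.verdicts[v.group("name")] = v.group("verdict")
    return rep


def not_ok(rep: Report) -> List[Tuple[str, str]]:
    """Every object whose verdict is anything other than the literal 'ok'."""
    return [(name, verdict) for name, verdict in rep.verdicts.items() if verdict != "ok"]


def unpartitioned_tail(rep: Report) -> Dict[str, int]:
    """Sectors between the end of the last partition and the end of each disk."""
    tail: Dict[str, int] = {}
    for dev, (sectors, _) in rep.drives.items():
        parts = rep.partitions.get(dev, [])
        end = max((start + length for _, start, length in parts), default=0)
        tail[dev] = sectors - end
    return tail


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for name, verdict in not_ok(rep):
        print(f"ATTENTION: {name}: {verdict}  {rep.files.get(name, ('', '?'))[1]}")
    for dev, sectors in unpartitioned_tail(rep).items():
        print(f"{dev}: {sectors} sectors past the last partition")
    print(f"{len(rep.files)} drivers with a recorded hash, {len(rep.verdicts)} verdicts")
```

The unpartitioned tail is reported rather than flagged: most XP-era disks leave some sectors past the last partition (about 25,200 on the 37 GB disk in this thread, the USB stick leaves none), so the number alone proves nothing. It is the place to image and inspect if the MBR verdict is not "ok", since that is where the bootkit's payload would sit.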
#11 embrun809
Posted 15 April 2012 - 10:49 AM

Gringo, I downloaded TDSSKiller, but it does not want to run. Any suggestions?
Thanks.
Dick

#12 gringo_pr
Posted 15 April 2012 - 12:55 PM

Hello

I would like you to run this tool for me: fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say either that the infection was cleared or that no infection was found; let me know what it says.

After it is complete, I want you to restart the computer, try to rerun TDSSKiller for me and send me the report.

Gringo

#13 embrun809
Posted 17 April 2012 - 05:17 PM

Hi Gringo. I had replied a few days ago to report back, but don't see it on the forum. Don't know what happened. Anyway, running fixTDSS worked. It did detect an MBR infection, which it fixed. After that I had no problem running TDSSKiller. The log is pasted below. In the meantime, the computer seems to be working fine. If there are any other tools you want me to run, let me know. If not, thanks so much for helping us out. It is really greatly appreciated!

Dick

21:31:14.0109 3328 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
21:31:14.0453 3328 ============================================================
21:31:14.0453 3328 Current date / time: 2012/04/15 21:31:14.0453
21:31:14.0453 3328 SystemInfo:
21:31:14.0453 3328
21:31:14.0453 3328 OS Version: 5.1.2600 ServicePack: 3.0
21:31:14.0468 3328 Product type: Workstation
21:31:14.0468 3328 ComputerName: ARGUS-7218B99C5
21:31:14.0468 3328 UserName: Dyana Preville
21:31:14.0468 3328 Windows directory: C:\WINDOWS
21:31:14.0468 3328 System windows directory: C:\WINDOWS
21:31:14.0468 3328 Processor architecture: Intel x86
21:31:14.0468 3328 Number of processors: 1
21:31:14.0468 3328 Page size: 0x1000
21:31:14.0468 3328 Boot type: Normal boot
21:31:14.0468 3328 ============================================================
21:31:16.0875 3328 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:31:16.0875 3328 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:31:16.0906 3328 Drive \Device\Harddisk2\DR4 - Size: 0x1EC00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:31:16.0906 3328 \Device\Harddisk0\DR0:
21:31:16.0906 3328 MBR used
21:31:16.0906 3328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
21:31:16.0906 3328 \Device\Harddisk1\DR1:
21:31:16.0906 3328 MBR used
21:31:16.0906 3328 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
21:31:16.0906 3328 \Device\Harddisk2\DR4:
21:31:16.0921 3328 MBR used
21:31:16.0921 3328 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0xF5FE0
21:31:16.0953 3328 Initialize success
21:31:16.0953 3328 ============================================================
21:31:22.0609 3528 ============================================================
21:31:22.0609 3528 Scan started
21:31:22.0609 3528 Mode: Manual;
21:31:22.0609 3528 ============================================================
21:31:23.0015 3528 Abiosdsk - ok
21:31:23.0078 3528 abp480n5 - ok
21:31:23.0203 3528 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
21:31:23.0203 3528 ac97intc - ok
21:31:23.0312 3528 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:31:23.0312 3528 ACPI - ok
21:31:23.0421 3528 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:31:23.0421 3528 ACPIEC - ok
21:31:23.0500 3528 adpu160m - ok
21:31:23.0562 3528 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:31:23.0578 3528 aec - ok
21:31:23.0671 3528 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:31:23.0671 3528 AFD - ok
21:31:23.0750 3528 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:31:23.0750 3528 agp440 - ok
21:31:23.0812 3528 Aha154x - ok
21:31:23.0921 3528 aic78u2 - ok
21:31:24.0015 3528 aic78xx - ok
21:31:24.0234 3528 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:31:24.0234 3528 Alerter - ok
21:31:24.0312 3528 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:31:24.0312 3528 ALG - ok
21:31:24.0390 3528 AliIde - ok
21:31:24.0437 3528 amsint - ok
21:31:24.0625 3528 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:31:24.0640 3528 Apple Mobile Device - ok
21:31:24.0734 3528 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:31:24.0750 3528 AppMgmt - ok
21:31:24.0828 3528 asc - ok
21:31:24.0875 3528 asc3350p - ok
21:31:24.0921 3528 asc3550 - ok
21:31:25.0062 3528 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:31:25.0125 3528 aspnet_state - ok
21:31:25.0250 3528 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:31:25.0265 3528 AsyncMac - ok
21:31:25.0343 3528 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:31:25.0343 3528 atapi - ok
21:31:25.0406 3528 Atdisk - ok
21:31:25.0484 3528 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:31:25.0484 3528 Atmarpc - ok
21:31:25.0609 3528 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:31:25.0609 3528 AudioSrv - ok
21:31:25.0718 3528 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:31:25.0718 3528 audstub - ok
21:31:25.0796 3528 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:31:25.0796 3528 Beep - ok
21:31:25.0890 3528 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:31:25.0953 3528 BITS - ok
21:31:26.0187 3528 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:31:26.0203 3528 Bonjour Service - ok
21:31:26.0359 3528 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:31:26.0359 3528 Browser - ok
21:31:26.0515 3528 catchme - ok
21:31:26.0593 3528 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:31:26.0593 3528 cbidf2k - ok
21:31:26.0671 3528 cd20xrnt - ok
21:31:26.0734 3528 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:31:26.0734 3528 Cdaudio - ok
21:31:26.0812 3528 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:31:26.0812 3528 Cdfs - ok
21:31:26.0890 3528 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:31:26.0890 3528 Cdrom - ok
21:31:26.0953 3528 Changer - ok
21:31:27.0046 3528 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:31:27.0046 3528 CiSvc - ok
21:31:27.0156 3528 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:31:27.0156 3528 ClipSrv - ok
21:31:27.0281 3528 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:31:27.0312 3528 clr_optimization_v2.0.50727_32 - ok
21:31:27.0406 3528 CmdIde - ok
21:31:27.0453 3528 COMSysApp - ok
21:31:27.0515 3528 Cpqarray - ok
21:31:27.0578 3528 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:31:27.0578 3528 CryptSvc - ok
21:31:27.0640 3528 dac2w2k - ok
21:31:27.0703 3528 dac960nt - ok
21:31:27.0812 3528 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:31:27.0828 3528 DcomLaunch - ok
21:31:27.0906 3528 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:31:27.0906 3528 Dhcp - ok
21:31:27.0984 3528 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:31:27.0984 3528 Disk - ok
21:31:28.0015 3528 dmadmin - ok
21:31:28.0125 3528 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:31:28.0156 3528 dmboot - ok
21:31:28.0250 3528 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:31:28.0250 3528 dmio - ok
21:31:28.0328 3528 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:31:28.0328 3528 dmload - ok
21:31:28.0437 3528 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:31:28.0437 3528 dmserver - ok
21:31:28.0515 3528 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:31:28.0515 3528 DMusic - ok
21:31:28.0625 3528 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:31:28.0625 3528 Dnscache - ok
21:31:28.0765 3528 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:31:28.0765 3528 Dot3svc - ok
21:31:28.0828 3528 dpti2o - ok
21:31:28.0890 3528 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:31:28.0890 3528 drmkaud - ok
21:31:28.0953 3528 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:31:28.0968 3528 EapHost - ok
21:31:29.0078 3528 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
21:31:29.0093 3528 EL90XBC - ok
21:31:29.0218 3528 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:31:29.0218 3528 ERSvc - ok
21:31:29.0343 3528 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:31:29.0343 3528 Eventlog - ok
21:31:29.0500 3528 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:31:29.0515 3528 EventSystem - ok
21:31:29.0656 3528 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:31:29.0656 3528 Fastfat - ok
21:31:29.0765 3528 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:31:29.0765 3528 FastUserSwitchingCompatibility - ok
21:31:29.0843 3528 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:31:29.0843 3528 Fdc - ok
21:31:29.0921 3528 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:31:29.0921 3528 Fips - ok
21:31:30.0078 3528 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:31:30.0156 3528 FLEXnet Licensing Service - ok
21:31:30.0265 3528 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:31:30.0265 3528 Flpydisk - ok
21:31:30.0359 3528 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:31:30.0359 3528 FltMgr - ok
21:31:30.0484 3528 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:31:30.0484 3528 FontCache3.0.0.0 - ok
21:31:30.0546 3528 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:31:30.0546 3528 Fs_Rec - ok
21:31:30.0609 3528 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:31:30.0609 3528 Ftdisk - ok
21:31:30.0703 3528 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:31:30.0703 3528 gameenum - ok
21:31:30.0765 3528 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:31:30.0765 3528 GEARAspiWDM - ok
21:31:30.0843 3528 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:31:30.0843 3528 Gpc - ok
21:31:30.0937 3528 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:31:30.0937 3528 helpsvc - ok
21:31:31.0046 3528 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:31:31.0046 3528 HidServ - ok
21:31:31.0156 3528 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:31:31.0171 3528 hidusb - ok
21:31:31.0281 3528 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:31:31.0281 3528 hkmsvc - ok
21:31:31.0359 3528 hpn - ok
21:31:31.0531 3528 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:31:31.0546 3528 HTTP - ok
21:31:31.0625 3528 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:31:31.0640 3528 HTTPFilter - ok
21:31:31.0703 3528 i2omgmt - ok
21:31:31.0765 3528 i2omp - ok
21:31:31.0812 3528 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:31:31.0812 3528 i8042prt - ok
21:33:22.0937 3528 ============================================================
21:33:22.0937 3528 Scan finished
21:33:22.0953 3528 ============================================================
21:33:23.0000 3520 Detected object count: 0
21:33:23.0000 3520 Actual detected object count: 0

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:26 PM

Posted 17 April 2012 - 06:51 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Dyana Preville\Application Data\Mozilla\Firefox\Profiles\yjufd26m.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
    O3 - HKU\S-1-5-21-507921405-562591055-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    [2012/03/20 15:16:45 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/03/20 15:16:45 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Dyana Preville\Desktop\System Check.lnk
    [2012/03/20 15:16:47 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6g1hFnj5utlCtZ
    [2012/03/20 15:16:47 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6g1hFnj5utlCtZr
    [2012/03/20 15:16:39 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6g1hFnj5utlCtZ
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 embrun809

embrun809
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:26 PM

Posted 18 April 2012 - 08:24 PM

Gringo, here is the OTL log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-507921405-562591055-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
File C:\Documents and Settings\Dyana Preville\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
File C:\Documents and Settings\Dyana Preville\Desktop\System Check.lnk not found.
File C:\Documents and Settings\All Users\Application Data\~6g1hFnj5utlCtZ not found.
File C:\Documents and Settings\All Users\Application Data\~6g1hFnj5utlCtZr not found.
File C:\Documents and Settings\All Users\Application Data\6g1hFnj5utlCtZ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dyana Preville\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dyana Preville\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.ARGUS-7218B99C5

User: All Users

User: Default User

User: Dyana Preville
->Java cache emptied: 11332591 bytes

User: kids
->Java cache emptied: 0 bytes

User: LocalService

User: Luke

User: NetworkService

Total Java Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 56502 bytes

User: Administrator.ARGUS-7218B99C5
->Flash cache emptied: 56958 bytes

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: Dyana Preville
->Flash cache emptied: 544186 bytes

User: kids
->Flash cache emptied: 59107 bytes

User: LocalService

User: Luke
->Flash cache emptied: 56502 bytes

User: NetworkService

Total Flash Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04182012_211513

Docl
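A small parser for the OTL fix report format shown above, added here as an example and not part of the thread or of OTL itself; the sample report is constructed from lines of the log in this post. It counts "not found" separately from errors, because an entry that was already gone when the script ran (removed earlier by Malwarebytes, or a dangling reference left by the rogue) is not a failed removal.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, assembled from lines of the OTL fix report posted in this thread.
SAMPLE_OTL_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-507921405-562591055-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
File C:\Documents and Settings\Dyana Preville\Desktop\System Check.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dyana Preville\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: Dyana Preville
->Java cache emptied: 11332591 bytes
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 56502 bytes
User: Dyana Preville
->Flash cache emptied: 544186 bytes
"""

OUTCOME = r"(?P<outcome>deleted successfully|not found)\.$"
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Z]+)\s*=+$")
ITEM_RE = re.compile(r"^(?P<kind>Registry key|Registry value|File|Folder)\s+(?P<target>.+?)\s+" + OUTCOME)
# Lines under :Files are bare paths followed by the outcome.
PATH_RE = re.compile(r"^(?P<target>[A-Za-z]:\\.+?)\s+" + OUTCOME)
ERROR_RE = re.compile(r"^Registry error reading value\s+(?P<target>.+?)\s*\.$")
CACHE_RE = re.compile(r"^->(?P<cache>Java|Flash) cache emptied:\s+(?P<bytes>\d+) bytes$")
DNS_FLUSHED = "Successfully flushed the DNS Resolver Cache."

@dataclass
class FixItem:
    section: str      # OTL, FILES or COMMANDS
    kind: str         # registry key, registry value, file
    target: str
    outcome: str      # deleted successfully, not found, error

def parse_otl_fix_log(text):
    """Walk the report line by line; returns (items, cache_bytes, dns_flushed)."""
    section, items, cache_bytes, dns_flushed = None, [], Counter(), False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := ITEM_RE.match(line):
            items.append(FixItem(section, m["kind"].lower(), m["target"], m["outcome"]))
        elif m := PATH_RE.match(line):
            items.append(FixItem(section, "file", m["target"], m["outcome"]))
        elif m := ERROR_RE.match(line):
            # OTL could not read the value; the key above it may still have been deleted.
            items.append(FixItem(section, "registry value", m["target"], "error"))
        elif m := CACHE_RE.match(line):
            cache_bytes[m["cache"]] += int(m["bytes"])
        elif line == DNS_FLUSHED:
            dns_flushed = True
    return items, cache_bytes, dns_flushed

def summarize(text):
    """Counts per outcome; 'not found' is not a failure, the entry was already gone
    (removed by an earlier tool such as Malwarebytes, or a dangling reference)."""
    items, cache_bytes, dns_flushed = parse_otl_fix_log(text)
    outcomes = Counter(item.outcome for item in items)
    return {
        "deleted": outcomes["deleted successfully"],
        "not_found": outcomes["not found"],
        "errors": outcomes["error"],
        "needs_review": [i.target for i in items if i.outcome == "error"],
        "java_cache_bytes": cache_bytes["Java"],
        "flash_cache_bytes": cache_bytes["Flash"],
        "dns_flushed": dns_flushed,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_OTL_LOG).items():
        print(f"{key}: {value}")
```

Anything listed under needs_review is what a helper would look at next; everything else in the report either succeeded or had nothing left to remove.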



