funmoods hijacked homepage and browsing slow down


  • This topic is locked
59 replies to this topic

#1 carolannh

  • Members
  • 84 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 02 June 2012 - 06:35 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by mommy at 23:53:09 on 2012-06-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.871 [GMT -4:00]
.
AV: Immunet 3.0 *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionUpdateService.exe
C:\Program Files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\Immunet\3.0.5\agent.exe
C:\windows\System32\IgrsSvcs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DigitalLifeboat\Data Protection Service\DigitalLifeboatClientApp.exe
C:\Program Files\Immunet\3.0.5\iptray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\STOPzilla!\STOPzilla.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\windows\system32\DllHost.exe
c:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
c:\Program Files\STOPzilla!\SZOptionsFlash.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - c:\progra~1\funmoods\1.5.23.22\bh\escort.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - c:\program files\brand affinity technologies\fantapper player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - c:\progra~1\funmoods\1.5.23.22\escorTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Digital Lifeboat Client Application] c:\program files\digitallifeboat\data protection service\DigitalLifeboatClientApp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Immunet Protect] "c:\program files\immunet\3.0.5\iptray.exe"
StartupFolder: c:\users\mommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{4BADB65D-981F-4F80-BFB9-915EDEAB5D6E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF} : DhcpNameServer = 71.2.28.14 63.162.197.99
TCP: Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF}\27F6F6D6C696E687 : DhcpNameServer = 4.2.2.2 24.92.226.12 24.29.199.35
TCP: Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF}\35573716E672370225F657475627 : DhcpNameServer = 172.16.0.254
TCP: Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF}\35573716E672370225F657475627D27657563747 : DhcpNameServer = 172.16.0.254
TCP: Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF}\84F6C6964616970294E6E6021647024786560205C616A716 : DhcpNameServer = 216.136.95.2 64.132.94.250
TCP: Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF}\84F6C69646169794E6E633 : DhcpNameServer = 64.85.177.10 64.85.177.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mommy\appdata\roaming\mozilla\firefox\profiles\qrjwhz67.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?hl=en&shva=1#inbox|http://kat.ph/microsoft-office-enterprise-edition-2007-lifetime-key-t5242637.html#comments_tab|http://www.newyorker.com/online/blogs/books/2012/05/in-the-news-remote-autographs-bookish-bar-graphs.html|http://www.visualnews.com/data-design/april/top10books_jaredfanning/|http://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mommy\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 0ed1fa900000000000000026827ffcae
FF - user.js: extensions.funmoods.instlDay - 15490
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:0:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2010-5-1 54800]
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2012-3-21 51104]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2012-3-21 34080]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-4-17 101112]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-5-1 21520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-30 260648]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2010-5-1 63240]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
.
=============== Created Last 30 ================
.
2012-06-02 03:49:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-02 01:18:34 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-06-02 01:18:33 -------- d-----w- c:\program files\SpywareBlaster
2012-06-02 00:04:57 -------- d--h--w- C:\Lifeboat Restore Working
2012-05-30 22:12:40 -------- d-----w- c:\users\mommy\.swt
2012-05-30 22:12:36 -------- d-----w- c:\users\mommy\appdata\roaming\Azureus
2012-05-30 22:11:46 -------- d-----w- c:\program files\Vuze
2012-05-30 22:01:27 -------- d-----w- c:\program files\Brand Affinity Technologies
2012-05-30 22:00:40 -------- d-----w- c:\program files\Funmoods
2012-05-30 21:59:43 -------- d-----w- c:\program files\1ClickDownload
2012-05-29 21:49:52 -------- d-----w- c:\program files\BitTorrent
2012-05-08 21:03:50 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 21:03:47 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-08 21:03:47 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-08 21:03:47 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-08 21:03:47 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-08 21:03:38 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-08 21:03:38 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 21:03:38 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 20:56:53 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 20:56:52 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 21:39:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-07 21:39:44 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-07 21:39:44 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-06 15:01:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 15:01:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-23 21:21:34 138056 ----a-w- c:\windows\system32\atl100.dll
2012-04-11 18:56:36 73104 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-04-04 17:13:38 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 17:13:26 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 17:13:22 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-21 23:55:50 51104 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2012-03-21 23:55:50 34080 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2012-03-21 23:55:50 304712 ----a-w- c:\windows\system32\drivers\Trufos.sys
.
============= FINISH: 23:59:37.17 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-02 19:30:39
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.01.0
Running: gmer.exe; Driver: C:\Users\mommy\AppData\Local\Temp\fgloypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) ZwTerminateProcess [0x8B1C39E0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E813C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82EC2324 4 Bytes [E0, 39, 1C, 8B] {LOOPNZ 0x3b; SBB AL, 0x8b}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2964] USER32.dll!SetWindowLongA 75988BA3 5 Bytes JMP 5A925EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2964] USER32.dll!SetWindowLongW 75994449 5 Bytes JMP 5A925E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2964] USER32.dll!GetWindowInfo 75994B5E 5 Bytes JMP 5A714822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2964] USER32.dll!TrackPopupMenu 759A2228 5 Bytes JMP 5A714DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] ntdll.dll!LdrLoadDll 774F223E 5 Bytes JMP 5A59C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] kernel32.dll!MapViewOfFile 75BB93DB 5 Bytes JMP 5A7CE083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] kernel32.dll!VirtualAlloc 75BBC43A 5 Bytes JMP 5A7CE0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2984] GDI32.dll!CreateDIBSection 77638850 5 Bytes JMP 5A7CE00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:2376] AC99CF2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\0b1d8411-712b-4a13-875c-2188e832d9e0.0.29.Jacket 162087 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\544425c4-c8d7-4f8d-90da-306a662eb479.0.29.Jacket 161412 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\570ee0ca-1d8e-4b66-a183-268b7af52a52.0.29.Jacket 164956 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\5a37735b-6fc7-4fd7-965a-93c57104a390.0.29.Jacket 163676 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\9f138ccc-3e16-4da9-bff8-a3feed84ede0.0.29.Jacket 162811 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\b007c67c-9cbe-4dd9-a74c-ce95508a82ce.0.29.Jacket 163196 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\b337b24a-7d2c-4a10-8d90-a309b548bdac.0.29.Jacket 164443 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\7f5341f5-690f-4322-b557-d14c07da23c4.0.29.Jacket 160084 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\859f0a5e-bf52-4e3a-adf4-08119b95a7f8.0.29.Jacket 162356 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\bbb2342b-5913-4d24-ae83-e143864799e2.0.29.Jacket 162695 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\c766dd0c-93aa-4a55-8a78-67c243704a01.0.29.Jacket 163820 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\d80afe8d-49bc-4b7d-8109-77421f3e2b18.0.29.Jacket 157920 bytes
File C:\LifeboatStorage\384ca4b2-7908-41d2-b8bc-9194924d473f\Backup\Local\Outgoing\DropBox29\74501b50-09b4-4a20-9bb9-2a36b0687d90.0.29.Jacket 161807 bytes

---- EOF - GMER 1.0.15 ----



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:02 PM

Posted 05 June 2012 - 02:34 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 carolannh

  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 05 June 2012 - 02:03 PM

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Immunet 3.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:02 PM

Posted 05 June 2012 - 02:20 PM

Greetings carolannh,

Now I would like to see the combofix report when it is complete.


Gringo

#5 carolannh

  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 05 June 2012 - 02:40 PM

ComboFix 12-06-05.03 - mommy 06/05/2012 15:15:20.6.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.1737 [GMT -4:00]
Running from: c:\users\mommy\Desktop\ComboFix.exe
AV: Immunet 3.0 *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Brand Affinity Technologies
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\Fantapper.crx
c:\program files\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 19:24 . 2012-06-05 19:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-05 19:24 . 2012-06-05 19:24 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-06-05 19:24 . 2012-06-05 19:24 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-06-05 19:24 . 2012-06-05 19:24 -------- d-----w- c:\users\Joey\AppData\Local\temp
2012-06-05 19:24 . 2012-06-05 19:24 -------- d-----w- c:\users\diddy\AppData\Local\temp
2012-06-05 19:24 . 2012-06-05 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-05 17:26 . 2012-06-05 17:26 -------- d-----w- C:\Lifeboat Restore Working
2012-06-02 05:23 . 2012-06-02 05:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-02 01:18 . 2010-01-10 22:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-06-02 01:18 . 2012-06-02 01:37 -------- d-----w- c:\program files\SpywareBlaster
2012-05-30 22:12 . 2012-05-30 22:12 -------- d-----w- c:\users\mommy\.swt
2012-05-30 22:12 . 2012-06-01 00:49 -------- d-----w- c:\users\mommy\AppData\Roaming\Azureus
2012-05-30 22:11 . 2012-05-30 22:12 -------- d-----w- c:\program files\Vuze
2012-05-30 22:00 . 2012-05-30 22:00 -------- d-----w- c:\program files\Funmoods
2012-05-30 21:59 . 2012-05-30 22:00 -------- d-----w- c:\program files\1ClickDownload
2012-05-29 21:49 . 2012-05-29 21:49 -------- d-----w- c:\program files\BitTorrent
2012-05-08 21:03 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 21:03 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-08 21:03 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 21:03 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 21:03 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-08 21:03 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-08 21:03 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 20:56 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 20:56 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 21:39 . 2012-05-07 21:39 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-07 21:39 . 2012-05-07 21:39 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 21:39 . 2012-05-07 21:39 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 15:01 . 2012-04-18 11:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 15:01 . 2011-06-25 19:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-23 21:21 . 2012-04-23 21:21 138056 ----a-w- c:\windows\system32\atl100.dll
2012-04-14 19:17 . 2012-04-14 19:17 28672 ----a-r- c:\users\mommy\AppData\Roaming\Microsoft\Installer\{7E82E59F-F04A-487A-BCDA-78079B2E14C3}\_9BBE3BF4CD55_4975_B7D1_7331AF87B685.exe
2012-04-14 19:17 . 2012-04-14 19:17 1212416 ----a-r- c:\users\mommy\AppData\Roaming\Microsoft\Installer\{7E82E59F-F04A-487A-BCDA-78079B2E14C3}\Testware.exe
2012-04-11 18:56 . 2012-04-11 18:56 73104 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-04-04 19:56 . 2011-12-29 15:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 17:13 . 2012-04-04 17:13 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 17:13 . 2012-04-04 17:13 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 17:13 . 2012-04-04 17:13 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-31 02:36 . 2012-05-08 21:03 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-21 23:55 . 2012-03-21 23:55 34080 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2012-03-21 23:55 . 2012-03-21 23:55 51104 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2012-03-21 23:55 . 2012-03-21 23:55 304712 ----a-w- c:\windows\system32\drivers\Trufos.sys
2012-05-07 21:39 . 2011-06-08 01:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-05-29 6379928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2010-05-01 3122440]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Digital Lifeboat Client Application"="c:\program files\DigitalLifeboat\Data Protection Service\DigitalLifeboatClientApp.exe" [2012-06-05 514464]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Immunet Protect"="c:\program files\Immunet\3.0.5\iptray.exe" [2012-03-21 2637088]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-02-24 99728]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-06-02 40776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2012-02-24 99728]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2012-04-11 73104]
S1 funfrm;funfrm; [x]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [2012-03-21 51104]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [2012-03-21 34080]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 101112]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 Digital Lifeboat Backup Service;Digital Lifeboat Backup Service;c:\program files\DigitalLifeboat\Data Protection Service\DataProtectionService.exe [2012-06-05 10240]
S2 Digital Lifeboat Update Service;Digital Lifeboat Update Service;c:\program files\DigitalLifeboat\Data Protection Service\DataProtectionUpdateService.exe [2012-06-05 158720]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 ImmunetProtect;Immunet 3.0;c:\program files\Immunet\3.0.5\agent.exe [2012-03-21 797096]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 15:02]
.
2012-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005Core.job
- c:\users\mommy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 21:51]
.
2012-06-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005UA.job
- c:\users\mommy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 21:51]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005Core.job
- c:\users\mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 04:42]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005UA.job
- c:\users\mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 04:42]
.
2012-06-05 c:\windows\Tasks\Immunet Scan 1551726.job
- c:\program files\Immunet\ips.exe [2012-03-21 23:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.2.28.14 63.162.197.99
FF - ProfilePath - c:\users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?hl=en&shva=1#inbox|http://kat.ph/microsoft-office-enterprise-edition-2007-lifetime-key-t5242637.html#comments_tab|http://www.newyorker.com/online/blogs/books/2012/05/in-the-news-remote-autographs-bookish-bar-graphs.html|http://www.visualnews.com/data-design/april/top10books_jaredfanning/|http://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 0ed1fa900000000000000026827ffcae
FF - user.js: extensions.funmoods.instlDay - 15490
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:0:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-02866132.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3120601830-1121106676-2442682348-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3120601830-1121106676-2442682348-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Completion time: 2012-06-05 15:35:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-05 19:35
ComboFix2.txt 2011-07-23 22:06
ComboFix3.txt 2011-07-23 02:24
.
Pre-Run: 25,567,870,976 bytes free
Post-Run: 28,482,498,560 bytes free
.
- - End Of File - - 782AFDFBB47C4FEDCBF22EE2297C305A

#6 carolannh

carolannh
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 05 June 2012 - 02:44 PM

Still have the Funmoods hijack problem, but it is quicker than before.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:02 PM

Posted 05 June 2012 - 02:51 PM

Greetings carolannh

We will get to the Funmoods soon, but now I want to check if there is something more serious on here.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
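The TDSSKiller report this post asks for is long (one object line with an MD5 and path, then a verdict line, for every driver and service), and the lines worth reading are the handful whose verdict is anything other than "ok". The script below is an added example for triaging such a report, not part of the thread or of Kaspersky's tool. It follows the 2.7.x line format visible in the report posted next in the thread; most sample lines are copied from there, while the "example_drv" entry and its verdict text are constructed assumptions that exist only to show a non-ok line being surfaced.

```python
"""Pair up the object and verdict lines of a TDSSKiller 2.7.x report.

Added example for reading the report the post above asks for; not part
of TDSSKiller or of this thread. Each object appears as
"<time> <pid> <name> (<md5>) <path>" followed by
"<time> <pid> <name> - <verdict>", where the verdict is "ok" for clean
objects. The "example_drv" lines in the sample are constructed.
"""
import re
from collections import namedtuple

Record = namedtuple("Record", "name md5 path verdict")

# Every report line starts with a timestamp and the scanning thread's PID.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# Names may contain spaces ("Digital Lifeboat Backup Service"), so match
# lazily up to the " (md5) " or " - " separator.
OBJECT_LINE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_LINE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample: header and object lines copied from the report in
# the thread, plus a made-up "example_drv" entry with an assumed verdict.
SAMPLE_REPORT = r"""
16:06:36.0413 3696 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:06:39.0581 4496 Scan started
16:06:40.0163 4496 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
16:06:40.0165 4496 1394ohci - ok
16:06:45.0273 4496 COMSysApp - ok
16:06:46.0853 4496 Digital Lifeboat Backup Service (c85e4057fc46985dcbcd1f488db8e640) C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionService.exe
16:06:46.0854 4496 Digital Lifeboat Backup Service - ok
16:06:50.0001 4496 example_drv (00000000000000000000000000000000) C:\windows\system32\drivers\example_drv.sys
16:06:50.0002 4496 example_drv - detected UnsignedFile.Multi.Generic (1)
"""


def parse_report(text):
    """Return one Record per verdict line, joined to its object line."""
    records, pending, scanning = [], {}, False
    for line in text.splitlines():
        if not scanning:
            # The header (disk geometry, partition table) also contains
            # " - ", so nothing before "Scan started" is treated as a verdict.
            scanning = line.rstrip().endswith("Scan started")
            continue
        m = OBJECT_LINE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            records.append(Record(m["name"], md5, path, m["verdict"]))
    return records


def non_ok(records):
    """Objects with any verdict other than 'ok': the lines worth reading."""
    return [r for r in records if r.verdict != "ok"]


def unresolved(records):
    """Objects reported with no file line, i.e. TDSSKiller hashed no image.

    Entries whose ImagePath is not a plain file (COMSysApp is the usual one)
    show up here normally; an unknown driver here matches ComboFix's "[x]"
    marker and deserves a look.
    """
    return [r for r in records if r.path is None]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print("scanned:", len(recs))
    for r in non_ok(recs):
        print("NON-OK  ", r.name, "->", r.verdict, r.path)
    for r in unresolved(recs):
        print("NO FILE ", r.name)
```

Paste the whole report into a file and feed it to parse_report; what comes back from non_ok is the short list to copy into the thread, and the MD5 and path travel with each record so a flagged file can be checked against a known-good copy.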

#8 carolannh

carolannh
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 05 June 2012 - 03:08 PM

16:06:33.0821 3696 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
16:06:35.0823 3696 ============================================================
16:06:35.0823 3696 Current date / time: 2012/06/05 16:06:35.0823
16:06:35.0824 3696 SystemInfo:
16:06:35.0824 3696
16:06:35.0824 3696 OS Version: 6.1.7601 ServicePack: 1.0
16:06:35.0824 3696 Product type: Workstation
16:06:35.0824 3696 ComputerName: MOMMY-PC
16:06:35.0824 3696 UserName: mommy
16:06:35.0824 3696 Windows directory: C:\windows
16:06:35.0824 3696 System windows directory: C:\windows
16:06:35.0824 3696 Processor architecture: Intel x86
16:06:35.0824 3696 Number of processors: 1
16:06:35.0824 3696 Page size: 0x1000
16:06:35.0824 3696 Boot type: Normal boot
16:06:35.0824 3696 ============================================================
16:06:36.0413 3696 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:06:36.0415 3696 ============================================================
16:06:36.0415 3696 \Device\Harddisk0\DR0:
16:06:36.0415 3696 MBR partitions:
16:06:36.0415 3696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:06:36.0415 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0xCFB4800
16:06:36.0436 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD019800, BlocksNum 0x3C7E000
16:06:36.0436 3696 ============================================================
16:06:36.0480 3696 C: <-> \Device\Harddisk0\DR0\Partition1
16:06:36.0529 3696 D: <-> \Device\Harddisk0\DR0\Partition2
16:06:36.0529 3696 ============================================================
16:06:36.0529 3696 Initialize success
16:06:36.0529 3696 ============================================================
16:06:39.0581 4496 ============================================================
16:06:39.0581 4496 Scan started
16:06:39.0581 4496 Mode: Manual;
16:06:39.0581 4496 ============================================================
16:06:40.0163 4496 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
16:06:40.0165 4496 1394ohci - ok
16:06:40.0236 4496 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
16:06:40.0240 4496 ACPI - ok
16:06:40.0308 4496 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
16:06:40.0309 4496 AcpiPmi - ok
16:06:40.0373 4496 ACPIVPC (87114efedeb94af49323ca61f344716d) C:\windows\system32\DRIVERS\AcpiVpc.sys
16:06:40.0374 4496 ACPIVPC - ok
16:06:40.0536 4496 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:06:40.0536 4496 AdobeARMservice - ok
16:06:40.0647 4496 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:06:40.0649 4496 AdobeFlashPlayerUpdateSvc - ok
16:06:40.0753 4496 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
16:06:40.0760 4496 adp94xx - ok
16:06:40.0809 4496 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
16:06:40.0812 4496 adpahci - ok
16:06:40.0860 4496 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
16:06:40.0861 4496 adpu320 - ok
16:06:40.0908 4496 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
16:06:40.0909 4496 AeLookupSvc - ok
16:06:41.0009 4496 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
16:06:41.0012 4496 AFD - ok
16:06:41.0073 4496 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
16:06:41.0074 4496 agp440 - ok
16:06:41.0158 4496 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
16:06:41.0159 4496 aic78xx - ok
16:06:41.0232 4496 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
16:06:41.0235 4496 ALG - ok
16:06:41.0304 4496 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
16:06:41.0304 4496 aliide - ok
16:06:41.0352 4496 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
16:06:41.0352 4496 amdagp - ok
16:06:41.0370 4496 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
16:06:41.0371 4496 amdide - ok
16:06:41.0424 4496 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
16:06:41.0425 4496 AmdK8 - ok
16:06:41.0444 4496 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
16:06:41.0444 4496 AmdPPM - ok
16:06:41.0512 4496 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
16:06:41.0513 4496 amdsata - ok
16:06:41.0579 4496 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
16:06:41.0581 4496 amdsbs - ok
16:06:41.0607 4496 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
16:06:41.0608 4496 amdxata - ok
16:06:41.0707 4496 ApfiltrService (fd6d4bc1cf7d1fec5a17588007ecafb5) C:\windows\system32\DRIVERS\Apfiltr.sys
16:06:41.0709 4496 ApfiltrService - ok
16:06:41.0774 4496 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
16:06:41.0775 4496 AppID - ok
16:06:41.0806 4496 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
16:06:41.0807 4496 AppIDSvc - ok
16:06:41.0878 4496 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
16:06:41.0879 4496 Appinfo - ok
16:06:41.0975 4496 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
16:06:41.0976 4496 arc - ok
16:06:42.0016 4496 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
16:06:42.0017 4496 arcsas - ok
16:06:42.0064 4496 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
16:06:42.0068 4496 AsyncMac - ok
16:06:42.0158 4496 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
16:06:42.0159 4496 atapi - ok
16:06:42.0255 4496 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
16:06:42.0274 4496 AudioEndpointBuilder - ok
16:06:42.0286 4496 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
16:06:42.0292 4496 Audiosrv - ok
16:06:42.0365 4496 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
16:06:42.0367 4496 AxInstSV - ok
16:06:42.0460 4496 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
16:06:42.0466 4496 b06bdrv - ok
16:06:42.0555 4496 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\windows\system32\DRIVERS\b57nd60x.sys
16:06:42.0563 4496 b57nd60x - ok
16:06:42.0791 4496 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\windows\system32\DRIVERS\bcmwl6.sys
16:06:42.0868 4496 BCM43XX - ok
16:06:43.0030 4496 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
16:06:43.0031 4496 BDESVC - ok
16:06:43.0111 4496 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
16:06:43.0111 4496 Beep - ok
16:06:43.0228 4496 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
16:06:43.0233 4496 BFE - ok
16:06:43.0317 4496 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll
16:06:43.0326 4496 BITS - ok
16:06:43.0351 4496 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
16:06:43.0352 4496 blbdrive - ok
16:06:43.0399 4496 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
16:06:43.0400 4496 bowser - ok
16:06:43.0428 4496 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:06:43.0429 4496 BrFiltLo - ok
16:06:43.0451 4496 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:06:43.0451 4496 BrFiltUp - ok
16:06:43.0526 4496 Bridge0 (b35bb97b6dd9913093579f5c83962636) C:\windows\system32\drivers\WDBridge.sys
16:06:43.0526 4496 Bridge0 - ok
16:06:43.0606 4496 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
16:06:43.0607 4496 BridgeMP - ok
16:06:43.0665 4496 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
16:06:43.0666 4496 Browser - ok
16:06:43.0771 4496 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
16:06:43.0774 4496 Brserid - ok
16:06:43.0815 4496 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
16:06:43.0816 4496 BrSerWdm - ok
16:06:43.0853 4496 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
16:06:43.0854 4496 BrUsbMdm - ok
16:06:43.0866 4496 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
16:06:43.0867 4496 BrUsbSer - ok
16:06:43.0953 4496 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
16:06:43.0954 4496 BthEnum - ok
16:06:43.0980 4496 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
16:06:43.0981 4496 BTHMODEM - ok
16:06:44.0000 4496 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
16:06:44.0001 4496 BthPan - ok
16:06:44.0075 4496 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
16:06:44.0081 4496 BTHPORT - ok
16:06:44.0164 4496 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
16:06:44.0165 4496 bthserv - ok
16:06:44.0238 4496 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
16:06:44.0241 4496 BTHUSB - ok
16:06:44.0316 4496 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
16:06:44.0317 4496 cdfs - ok
16:06:44.0409 4496 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
16:06:44.0411 4496 cdrom - ok
16:06:44.0474 4496 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
16:06:44.0475 4496 CertPropSvc - ok
16:06:44.0503 4496 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
16:06:44.0504 4496 circlass - ok
16:06:44.0546 4496 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
16:06:44.0550 4496 CLFS - ok
16:06:44.0668 4496 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:06:44.0669 4496 clr_optimization_v2.0.50727_32 - ok
16:06:44.0804 4496 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:06:44.0805 4496 clr_optimization_v4.0.30319_32 - ok
16:06:44.0836 4496 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
16:06:44.0836 4496 CmBatt - ok
16:06:44.0891 4496 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
16:06:44.0892 4496 cmdide - ok
16:06:44.0958 4496 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
16:06:44.0982 4496 CNG - ok
16:06:45.0101 4496 CnxtHdAudService (7c47786b58ae503777dbd12fae20ed42) C:\windows\system32\drivers\CHDRT32.sys
16:06:45.0108 4496 CnxtHdAudService - ok
16:06:45.0169 4496 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
16:06:45.0170 4496 Compbatt - ok
16:06:45.0248 4496 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
16:06:45.0249 4496 CompositeBus - ok
16:06:45.0273 4496 COMSysApp - ok
16:07:07.0799 4496 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
16:07:07.0802 4496 TrkWks - ok
16:07:07.0898 4496 Trufos (d391f1171a2e3a7080df6faae7a20c0b) C:\windows\system32\DRIVERS\Trufos.sys
16:07:07.0914 4496 Trufos - ok
16:07:08.0001 4496 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
16:07:08.0003 4496 TrustedInstaller - ok
16:07:08.0063 4496 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
16:07:08.0064 4496 tssecsrv - ok
16:07:08.0145 4496 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
16:07:08.0146 4496 TsUsbFlt - ok
16:07:08.0219 4496 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
16:07:08.0221 4496 tunnel - ok
16:07:08.0261 4496 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
16:07:08.0262 4496 uagp35 - ok
16:07:08.0331 4496 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
16:07:08.0339 4496 udfs - ok
16:07:08.0389 4496 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
16:07:08.0392 4496 UI0Detect - ok
16:07:08.0471 4496 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
16:07:08.0472 4496 uliagpkx - ok
16:07:08.0543 4496 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
16:07:08.0544 4496 umbus - ok
16:07:08.0583 4496 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
16:07:08.0583 4496 UmPass - ok
16:07:08.0634 4496 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
16:07:08.0640 4496 upnphost - ok
16:07:08.0726 4496 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
16:07:08.0727 4496 USBAAPL - ok
16:07:08.0799 4496 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
16:07:08.0801 4496 usbaudio - ok
16:07:08.0829 4496 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
16:07:08.0830 4496 usbccgp - ok
16:07:08.0840 4496 USBCCID - ok
16:07:08.0902 4496 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
16:07:08.0904 4496 usbcir - ok
16:07:08.0935 4496 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
16:07:08.0937 4496 usbehci - ok
16:07:09.0004 4496 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
16:07:09.0011 4496 usbhub - ok
16:07:09.0038 4496 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
16:07:09.0039 4496 usbohci - ok
16:07:09.0102 4496 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
16:07:09.0103 4496 usbprint - ok
16:07:09.0149 4496 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
16:07:09.0150 4496 usbscan - ok
16:07:09.0253 4496 usbsmi (6e90fc65f27ae98fffb0741cefe75679) C:\windows\system32\DRIVERS\SMIksdrv.sys
16:07:09.0256 4496 usbsmi - ok
16:07:09.0287 4496 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:07:09.0289 4496 USBSTOR - ok
16:07:09.0313 4496 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
16:07:09.0313 4496 usbuhci - ok
16:07:09.0373 4496 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
16:07:09.0376 4496 usbvideo - ok
16:07:09.0409 4496 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
16:07:09.0412 4496 UxSms - ok
16:07:09.0463 4496 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
16:07:09.0464 4496 VaultSvc - ok
16:07:09.0520 4496 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
16:07:09.0521 4496 vdrvroot - ok
16:07:09.0593 4496 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
16:07:09.0600 4496 vds - ok
16:07:09.0644 4496 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
16:07:09.0645 4496 vga - ok
16:07:09.0671 4496 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
16:07:09.0672 4496 VgaSave - ok
16:07:09.0709 4496 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
16:07:09.0711 4496 vhdmp - ok
16:07:09.0767 4496 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
16:07:09.0769 4496 viaagp - ok
16:07:09.0799 4496 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
16:07:09.0800 4496 ViaC7 - ok
16:07:09.0825 4496 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
16:07:09.0826 4496 viaide - ok
16:07:09.0856 4496 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
16:07:09.0857 4496 volmgr - ok
16:07:09.0914 4496 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
16:07:09.0930 4496 volmgrx - ok
16:07:09.0972 4496 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
16:07:09.0980 4496 volsnap - ok
16:07:10.0047 4496 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
16:07:10.0049 4496 vsmraid - ok
16:07:10.0179 4496 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
16:07:10.0214 4496 VSS - ok
16:07:10.0256 4496 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
16:07:10.0257 4496 vwifibus - ok
16:07:10.0311 4496 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
16:07:10.0312 4496 vwififlt - ok
16:07:10.0375 4496 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
16:07:10.0393 4496 W32Time - ok
16:07:10.0426 4496 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
16:07:10.0429 4496 WacomPen - ok
16:07:10.0486 4496 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:07:10.0488 4496 WANARP - ok
16:07:10.0499 4496 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:07:10.0500 4496 Wanarpv6 - ok
16:07:10.0664 4496 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
16:07:10.0699 4496 WatAdminSvc - ok
16:07:10.0841 4496 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
16:07:10.0878 4496 wbengine - ok
16:07:10.0914 4496 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
16:07:10.0918 4496 WbioSrvc - ok
16:07:10.0981 4496 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
16:07:10.0986 4496 wcncsvc - ok
16:07:11.0010 4496 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
16:07:11.0013 4496 WcsPlugInService - ok
16:07:11.0085 4496 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
16:07:11.0086 4496 Wd - ok
16:07:11.0152 4496 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
16:07:11.0169 4496 Wdf01000 - ok
16:07:11.0215 4496 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
16:07:11.0219 4496 WdiServiceHost - ok
16:07:11.0230 4496 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
16:07:11.0233 4496 WdiSystemHost - ok
16:07:11.0294 4496 wdmirror (ea4e9dd00e69b35f9bd3d39acb113e3f) C:\windows\system32\DRIVERS\WDMirror.sys
16:07:11.0295 4496 wdmirror - ok
16:07:11.0357 4496 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
16:07:11.0362 4496 WebClient - ok
16:07:11.0400 4496 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
16:07:11.0406 4496 Wecsvc - ok
16:07:11.0430 4496 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
16:07:11.0433 4496 wercplsupport - ok
16:07:11.0501 4496 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
16:07:11.0505 4496 WerSvc - ok
16:07:11.0556 4496 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
16:07:11.0557 4496 WfpLwf - ok
16:07:11.0635 4496 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\windows\system32\DRIVERS\wimfltr.sys
16:07:11.0637 4496 WimFltr - ok
16:07:11.0671 4496 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
16:07:11.0672 4496 WIMMount - ok
16:07:11.0841 4496 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:07:11.0850 4496 WinDefend - ok
16:07:11.0864 4496 WinHttpAutoProxySvc - ok
16:07:11.0944 4496 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
16:07:11.0951 4496 Winmgmt - ok
16:07:11.0991 4496 WinRing0_1_2_0 - ok
16:07:12.0111 4496 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
16:07:12.0151 4496 WinRM - ok
16:07:12.0270 4496 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
16:07:12.0271 4496 WinUsb - ok
16:07:12.0354 4496 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
16:07:12.0365 4496 Wlansvc - ok
16:07:12.0616 4496 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:07:12.0666 4496 wlidsvc - ok
16:07:12.0827 4496 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
16:07:12.0828 4496 WmiAcpi - ok
16:07:12.0914 4496 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
16:07:12.0916 4496 wmiApSrv - ok
16:07:13.0075 4496 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:07:13.0083 4496 WMPNetworkSvc - ok
16:07:13.0114 4496 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
16:07:13.0117 4496 WPCSvc - ok
16:07:13.0144 4496 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
16:07:13.0148 4496 WPDBusEnum - ok
16:07:13.0226 4496 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
16:07:13.0227 4496 ws2ifsl - ok
16:07:13.0296 4496 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
16:07:13.0299 4496 wscsvc - ok
16:07:13.0312 4496 WSearch - ok
16:07:13.0382 4496 wsvd (baedc491374defd5e76336901d6d397d) C:\windows\system32\DRIVERS\wsvd.sys
16:07:13.0386 4496 wsvd - ok
16:07:13.0542 4496 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
16:07:13.0602 4496 wuauserv - ok
16:07:13.0745 4496 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
16:07:13.0746 4496 WudfPf - ok
16:07:13.0778 4496 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
16:07:13.0781 4496 WUDFRd - ok
16:07:13.0826 4496 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
16:07:13.0829 4496 wudfsvc - ok
16:07:13.0867 4496 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
16:07:13.0872 4496 WwanSvc - ok
16:07:13.0926 4496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:07:14.0106 4496 \Device\Harddisk0\DR0 - ok
16:07:14.0110 4496 Boot (0x1200) (0e0274571391247f5e93aae0ef6a6179) \Device\Harddisk0\DR0\Partition0
16:07:14.0111 4496 \Device\Harddisk0\DR0\Partition0 - ok
16:07:14.0127 4496 Boot (0x1200) (61ad49590e6cf4ee480e2f11df26a053) \Device\Harddisk0\DR0\Partition1
16:07:14.0129 4496 \Device\Harddisk0\DR0\Partition1 - ok
16:07:14.0158 4496 Boot (0x1200) (cae1e819900f9a1eddaf95b56575fda4) \Device\Harddisk0\DR0\Partition2
16:07:14.0159 4496 \Device\Harddisk0\DR0\Partition2 - ok
16:07:14.0160 4496 ============================================================
16:07:14.0160 4496 Scan finished
16:07:14.0160 4496 ============================================================
16:07:14.0181 5208 Detected object count: 0
16:07:14.0181 5208 Actual detected object count: 0

#9 gringo_pr

gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 June 2012 - 03:47 PM

Hello carolannh

That report looks great, but there is another scan that I asked for - aswMBR, so go ahead and run it and let me have that report when it is complete.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 carolannh

carolannh
  • Topic Starter
  • Members
  • 84 posts

Posted 05 June 2012 - 07:48 PM

I can't tell if it (aswMBR) is hung. It is still in scan mode. Have not saved the log yet. No completion message on the scan. Want me to post what it has so far?

#11 carolannh

carolannh
  • Topic Starter
  • Members
  • 84 posts

Posted 05 June 2012 - 08:21 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 16:10:31
-----------------------------
16:10:31.789 OS Version: Windows 6.1.7601 Service Pack 1
16:10:31.789 Number of processors: 1 586 0x170A
16:10:31.791 ComputerName: MOMMY-PC UserName: mommy
16:10:55.614 Initialize success
16:22:00.070 AVAST engine defs: 12060501
20:19:02.801 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:19:02.804 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
20:19:02.816 Disk 0 MBR read successfully
20:19:02.819 Disk 0 MBR scan
20:19:03.098 Disk 0 Windows 7 default MBR code
20:19:03.121 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
20:19:03.141 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 106345 MB offset 411648
20:19:03.148 Disk 0 Partition - 00 0F Extended LBA 30973 MB offset 218206208
20:19:03.180 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 281638912
20:19:03.249 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 30972 MB offset 218208256
20:19:03.273 Disk 0 scanning sectors +312581808
20:19:03.856 Disk 0 scanning C:\windows\system32\drivers
20:19:19.451 Service scanning
20:21:12.953 Modules scanning
20:22:02.776 Disk 0 trace - called modules:
20:22:02.819 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:22:02.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ce9358]
20:22:02.836 3 CLASSPNP.SYS[8ba7b59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862aa028]
20:22:08.404 AVAST engine scan C:\windows
20:22:19.378 AVAST engine scan C:\windows\system32
20:28:35.556 AVAST engine scan C:\windows\system32\drivers
20:29:16.427 AVAST engine scan C:\Users\mommy
20:47:57.524 AVAST engine scan C:\ProgramData
20:54:57.232 Scan finished successfully
21:07:41.931 Disk 0 MBR has been saved successfully to "C:\Users\mommy\Desktop\MBR.dat"
21:07:41.947 The log file has been saved successfully to "C:\Users\mommy\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 June 2012 - 09:33 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 carolannh

carolannh
  • Topic Starter
  • Members
  • 84 posts

Posted 05 June 2012 - 10:49 PM

Running OTL now. I am getting popups, and text is linked to ads where it should not be, with a double yellow underline.

OTL logfile created on: 6/5/2012 11:40:23 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\mommy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000540A | Country: United States | Language: EST | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 41.58% Memory free
5.92 Gb Paging File | 4.05 Gb Available in Paging File | 68.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.85 Gb Total Space | 25.67 Gb Free Space | 24.72% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 7.64 Gb Free Space | 25.26% Space Free | Partition Type: NTFS
Drive E: | 113.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOMMY-PC | User Name: mommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mommy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DigitalLifeboat\Data Protection Service\DigitalLifeboatClientApp.exe (Digital Lifeboat)
PRC - C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionUpdateService.exe (Digital Lifeboat, Inc.)
PRC - C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionService.exe (Digital Lifeboat, Inc)
PRC - C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)
PRC - C:\Program Files\Immunet\3.0.5\agent.exe (Sourcefire, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f1241239a9b8229f91ce55d230fad38c\System.Messaging.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5abddd1112204bd1e3347be519eaa28f\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Immunet\3.0.5\dhr.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\System32\370prop.ax ()
MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Digital Lifeboat Update Service) -- C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionUpdateService.exe (Digital Lifeboat, Inc.)
SRV - (Digital Lifeboat Backup Service) -- C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionService.exe (Digital Lifeboat, Inc)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (szserver) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (scan) -- C:\Program Files\Immunet\tetra\scan.dll (S.C. BitDefender S.R.L)
SRV - (ImmunetProtect) -- C:\Program Files\Immunet\3.0.5\agent.exe (Sourcefire, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (DDNIService) -- C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
SRV - (DDNIMSGService) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (WinRing0_1_2_0) -- D:\test\ECECECEC\WinRing0.sys File not found
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (aswMBR) -- C:\Users\mommy\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (szkgfs) -- C:\Windows\System32\drivers\SZKGFS.sys (iS3, Inc.)
DRV - (Trufos) -- C:\Windows\System32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (ImmunetProtectDriver) -- C:\Windows\System32\drivers\ImmunetProtect.sys (Windows ® Win 7 DDK provider)
DRV - (ImmunetSelfProtectDriver) -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys (Windows ® Win 7 DDK provider)
DRV - (szkg5) -- C:\Windows\System32\drivers\SZKG.sys (iS3 Inc.)
DRV - (is3srv) -- C:\Windows\System32\drivers\is3srv.sys (iS3 Inc.)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows ® Codename Longhorn DDK provider)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
IE - HKLM\..\SearchScopes\{5B96EF18-C40E-FC59-EE06-11CA218F3579}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460}
IE - HKCU\..\SearchScopes,DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{5B96EF18-C40E-FC59-EE06-11CA218F3579}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{93C0173A-B512-439B-B0B4-A58339748460}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "Yahoo"
FF - prefs.js..backup.old.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?hl=en&shva=1"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\mommy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/07 17:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/15 11:22:40 | 000,000,000 | ---D | M]

[2010/09/23 16:45:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mommy\AppData\Roaming\Mozilla\Extensions
[2012/06/03 20:38:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions
[2011/04/25 22:17:23 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions\chromifox@altmusictv.com
[2012/05/30 18:01:49 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions\ffxtlbr@funmoods.com
[2012/05/30 18:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\jetpack\FantapperExtension@brandaffinity.net
[2012/05/30 18:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\jetpack\FantapperExtension@brandaffinity.net\simple-storage
[2011/11/01 20:27:34 | 000,001,504 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\imdb.xml
[2011/10/08 16:08:30 | 000,000,705 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster-1.xml
[2010/11/22 21:23:57 | 000,000,705 | -H-- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster.xml
[2011/10/15 00:29:27 | 000,002,057 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\youtube-video-search.xml
[2012/03/05 18:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/12 23:30:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/03 20:38:39 | 000,202,062 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\{AA052FD6-366A-4771-A591-0D8DC551585D}.XPI
[2012/05/30 18:00:21 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
[2012/05/07 17:39:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/26 10:12:41 | 000,304,504 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2012/03/03 19:44:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/03 19:44:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mommy\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\mommy\AppData\Local\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mommy\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mommy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: ShopAtHome.com extension = C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.0.0_0\
CHR - Extension: AT_Oscar = C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphgjnagopjcejpncakmojifbeakeilb\3_1\

O1 HOSTS File: ([2011/07/25 16:21:32 | 000,000,042 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Digital Lifeboat Client Application] C:\Program Files\DigitalLifeboat\Data Protection Service\DigitalLifeboatClientApp.exe (Digital Lifeboat)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.2.28.14 63.162.197.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BADB65D-981F-4F80-BFB9-915EDEAB5D6E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF}: DhcpNameServer = 71.2.28.14 63.162.197.99
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/06/19 08:56:51 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 23:34:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\mommy\Desktop\OTL.exe
[2012/06/05 18:40:59 | 000,000,000 | -H-D | C] -- C:\Lifeboat Restore Working
[2012/06/05 16:08:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\mommy\Desktop\aswMBR.exe
[2012/06/05 16:05:53 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mommy\Desktop\tdsskiller.exe
[2012/06/05 15:27:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/05 15:24:56 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/05 15:09:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/05 15:04:36 | 004,538,040 | R--- | C] (Swearware) -- C:\Users\mommy\Desktop\ComboFix.exe
[2012/06/02 01:27:58 | 000,000,000 | ---D | C] -- C:\Users\mommy\Desktop\gmer
[2012/06/02 01:23:43 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/01 23:52:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\mommy\Desktop\dds.scr
[2012/06/01 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/06/01 21:18:34 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSSTDFMT.DLL
[2012/06/01 21:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/05/30 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\mommy\Documents\Vuze Downloads
[2012/05/30 18:12:40 | 000,000,000 | ---D | C] -- C:\Users\mommy\.swt
[2012/05/30 18:12:36 | 000,000,000 | ---D | C] -- C:\Users\mommy\AppData\Roaming\Azureus
[2012/05/30 18:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2012/05/30 18:07:31 | 009,740,728 | ---- | C] (Vuze Inc.) -- C:\Users\mommy\Documents\Vuze_Installer.exe
[2012/05/30 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods
[2012/05/30 17:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/05/29 17:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012/05/29 17:47:19 | 006,379,928 | ---- | C] (BitTorrent, Inc.) -- C:\Users\mommy\Documents\BitTorrent.exe
[2012/05/22 16:41:48 | 000,000,000 | ---D | C] -- C:\Users\mommy\Documents\tonybarkercarestimate_files
[2012/05/19 02:22:36 | 000,000,000 | ---D | C] -- C:\Users\mommy\Documents\statistics @SCC 2012
[2012/05/08 17:03:38 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/08 17:03:38 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/08 17:03:38 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/08 16:56:52 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/07 17:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/07 17:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/06/05 23:47:12 | 000,001,272 | ---- | M] () -- C:\windows\System32\drivers\kgpfr2.cfg
[2012/06/05 23:47:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005UA.job
[2012/06/05 23:47:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005Core.job
[2012/06/05 23:35:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mommy\Desktop\OTL.exe
[2012/06/05 23:32:23 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012/06/05 23:16:20 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/05 21:07:41 | 000,000,512 | ---- | M] () -- C:\Users\mommy\Desktop\MBR.dat
[2012/06/05 20:57:09 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005UA.job
[2012/06/05 17:56:03 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005Core.job
[2012/06/05 16:10:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mommy\Desktop\aswMBR.exe
[2012/06/05 16:06:23 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mommy\Desktop\tdsskiller.exe
[2012/06/05 15:36:22 | 000,009,920 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 15:36:22 | 000,009,920 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 15:35:34 | 000,001,960 | ---- | M] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2012/06/05 15:26:23 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/05 15:05:49 | 004,538,040 | R--- | M] (Swearware) -- C:\Users\mommy\Desktop\ComboFix.exe
[2012/06/05 14:01:21 | 000,853,862 | ---- | M] () -- C:\Users\mommy\Desktop\SecurityCheck.exe
[2012/06/05 05:35:28 | 000,000,298 | ---- | M] () -- C:\windows\tasks\Immunet Scan 1551726.job
[2012/06/02 12:31:20 | 000,294,216 | ---- | M] () -- C:\Users\mommy\Desktop\gmer.zip
[2012/06/02 01:27:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/02 01:23:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 23:52:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\mommy\Desktop\dds.scr
[2012/06/01 21:18:37 | 000,001,041 | ---- | M] () -- C:\Users\mommy\Desktop\SpywareBlaster.lnk
[2012/05/31 10:28:13 | 000,511,400 | ---- | M] () -- C:\Users\mommy\Desktop\OfficeInstaller.exe
[2012/05/31 10:19:46 | 000,001,859 | ---- | M] () -- C:\Users\mommy\Desktop\Download Microsoft_Office_Word_2007.lnk
[2012/05/30 20:14:52 | 000,348,071 | ---- | M] () -- C:\Users\mommy\Documents\Top10Booksgraph.png
[2012/05/30 18:12:00 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/05/30 18:12:00 | 000,001,798 | ---- | M] () -- C:\Users\mommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/05/30 18:09:17 | 009,740,728 | ---- | M] (Vuze Inc.) -- C:\Users\mommy\Documents\Vuze_Installer.exe
[2012/05/30 18:00:40 | 000,302,425 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods-speeddial.crx
[2012/05/30 18:00:40 | 000,031,470 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods.crx
[2012/05/29 17:49:53 | 000,000,961 | ---- | M] () -- C:\Users\mommy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/29 17:49:53 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/29 17:48:37 | 006,379,928 | ---- | M] (BitTorrent, Inc.) -- C:\Users\mommy\Documents\BitTorrent.exe
[2012/05/26 16:24:37 | 000,000,355 | ---- | M] () -- C:\Users\mommy\Documents\Computer - Shortcut.lnk
[2012/05/22 16:41:48 | 000,151,591 | ---- | M] () -- C:\Users\mommy\Documents\tonybarkercarestimate.htm
[2012/05/21 21:36:29 | 000,011,408 | ---- | M] () -- C:\Users\mommy\Documents\serenade of hell.odt
[2012/05/15 11:50:03 | 000,624,412 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/15 11:50:03 | 000,106,756 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/10 22:28:31 | 000,021,683 | ---- | M] () -- C:\Users\mommy\Documents\Joey Cats.odt
[2012/05/09 03:47:00 | 000,471,080 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/07 22:30:26 | 000,018,984 | ---- | M] () -- C:\Users\mommy\Documents\Regeneration Rough Draft.odt

========== Files Created - No Company Name ==========

[2012/06/05 21:07:41 | 000,000,512 | ---- | C] () -- C:\Users\mommy\Desktop\MBR.dat
[2012/06/05 15:27:41 | 000,001,184 | ---- | C] () -- C:\windows\System32\drivers\kgpfr2.cfg
[2012/06/05 15:27:36 | 000,001,960 | ---- | C] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2012/06/05 14:00:30 | 000,853,862 | ---- | C] () -- C:\Users\mommy\Desktop\SecurityCheck.exe
[2012/06/02 01:22:13 | 000,294,216 | ---- | C] () -- C:\Users\mommy\Desktop\gmer.zip
[2012/06/01 21:18:37 | 000,001,041 | ---- | C] () -- C:\Users\mommy\Desktop\SpywareBlaster.lnk
[2012/05/31 10:28:05 | 000,511,400 | ---- | C] () -- C:\Users\mommy\Desktop\OfficeInstaller.exe
[2012/05/30 20:12:23 | 000,348,071 | ---- | C] () -- C:\Users\mommy\Documents\Top10Booksgraph.png
[2012/05/30 18:12:00 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/05/30 18:12:00 | 000,001,798 | ---- | C] () -- C:\Users\mommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/05/30 18:12:00 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2012/05/30 18:00:43 | 000,302,425 | ---- | C] () -- C:\Users\mommy\AppData\Local\funmoods-speeddial.crx
[2012/05/30 18:00:43 | 000,031,470 | ---- | C] () -- C:\Users\mommy\AppData\Local\funmoods.crx
[2012/05/30 18:00:18 | 000,001,859 | ---- | C] () -- C:\Users\mommy\Desktop\Download Microsoft_Office_Word_2007.lnk
[2012/05/29 17:49:53 | 000,000,961 | ---- | C] () -- C:\Users\mommy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/29 17:49:53 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/26 16:24:37 | 000,000,355 | ---- | C] () -- C:\Users\mommy\Documents\Computer - Shortcut.lnk
[2012/05/22 16:41:47 | 000,151,591 | ---- | C] () -- C:\Users\mommy\Documents\tonybarkercarestimate.htm
[2012/05/21 21:36:27 | 000,011,408 | ---- | C] () -- C:\Users\mommy\Documents\serenade of hell.odt
[2012/05/07 21:19:17 | 000,018,984 | ---- | C] () -- C:\Users\mommy\Documents\Regeneration Rough Draft.odt
[2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\Users\mommy\AppData\Local\660m8dr7khcg
[2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\ProgramData\660m8dr7khcg
[2011/12/20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\Users\mommy\AppData\Local\31w2v585n3rjh8b84r8ro
[2011/12/20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\ProgramData\31w2v585n3rjh8b84r8ro
[2011/12/05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\Users\mommy\AppData\Local\v6ty32s6fy3mfn
[2011/12/05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\ProgramData\v6ty32s6fy3mfn
[2011/07/06 23:58:19 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/07/03 14:37:09 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/07/03 14:37:09 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/07/03 14:37:09 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\Users\mommy\AppData\Local\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
[2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\ProgramData\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
[2011/06/06 17:39:47 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~26140408r
[2010/12/10 19:52:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/07 00:56:58 | 000,056,320 | -H-- | C] () -- C:\Users\mommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:067BF339
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 June 2012 - 11:17 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
    IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460}
    IE - HKCU\..\SearchScopes,DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460}
    IE - HKCU\..\SearchScopes\{93C0173A-B512-439B-B0B4-A58339748460}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
    [2012/05/30 18:01:49 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions\ffxtlbr@funmoods.com
    [2011/11/01 20:27:34 | 000,001,504 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\imdb.xml
    [2011/10/08 16:08:30 | 000,000,705 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster-1.xml
    [2010/11/22 21:23:57 | 000,000,705 | -H-- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster.xml
    [2011/10/15 00:29:27 | 000,002,057 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\youtube-video-search.xml
    [2012/06/03 20:38:39 | 000,202,062 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\{AA052FD6-366A-4771-A591-0D8DC551585D}.XPI
    [2012/05/30 18:00:21 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
    [2012/05/30 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods
    [2012/05/30 17:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
    [2012/05/30 18:00:40 | 000,302,425 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods-speeddial.crx
    [2012/05/30 18:00:40 | 000,031,470 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods.crx
    [2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\Users\mommy\AppData\Local\660m8dr7khcg
    [2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\ProgramData\660m8dr7khcg
    [2011/12/20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\Users\mommy\AppData\Local\31w2v585n3rjh8b84r8ro
    [2011/12/20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\ProgramData\31w2v585n3rjh8b84r8ro
    [2011/12/05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\Users\mommy\AppData\Local\v6ty32s6fy3mfn
    [2011/12/05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\ProgramData\v6ty32s6fy3mfn
    [2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\Users\mommy\AppData\Local\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
    [2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\ProgramData\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:067BF339
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
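An added example, not code from the thread, from the helper or from OTL's author: a Python triage pass over OTL log lines in the format posted above. It flags the same kinds of entries the fix script in this post targets (a homepage or search-scope URL pointing at a host outside a small allowlist, the GUID-only DefaultScope pointers that select such a scope in the same hive, a Firefox add-on whose ID ends in an unknown domain, hidden+system files with random extension-less names, and alternate data streams) and drafts the `:OTL` section the way the script above does, by pasting the flagged log lines verbatim under it. The allowlist of trusted domains, the random-name heuristic and the sample log are this example's own assumptions; the sample is constructed from entries in this thread with the long cd= parameters trimmed.

```python
"""Triage an OTL log for browser-hijack indicators and draft an OTL fix.
Added example, not from the thread: the rules are review heuristics, not a
verdict, and TRUSTED_DOMAINS is an assumption of this script, not of OTL."""
import re
from dataclasses import dataclass

# Assumption: hosts a homepage or search provider may legitimately point at.
TRUSTED_DOMAINS = ("google.com", "bing.com", "msn.com", "yahoo.com")

URL_RE = re.compile(r"https?://([^/\s?#]+)")
HIVE_RE = re.compile(r"^IE - (HKLM|HKCU)\b")
# 'SearchScopes\{GUID}: "URL" = ...' defines a scope; ',DefaultScope = {GUID}' selects one.
SCOPE_URL_RE = re.compile(r"SearchScopes\\(\{[0-9A-Fa-f-]+\})")
SCOPE_DEFAULT_RE = re.compile(r"SearchScopes,(?:Backup\.Old\.)?DefaultScope = (\{[0-9A-Fa-f-]+\})")
# OTL file entry: [stamp | size | attrs | C/M] (company) [(No name found)] -- path
FILE_RE = re.compile(
    r"^\[[^|]+\|\s*[\d,]+\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*[CM]\]\s*"
    r"\([^)]*\)\s*(?:\(No name found\)\s*)?--\s*(?P<path>.+)$"
)
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[0-9a-z]{8,}$", re.IGNORECASE)  # no extension
EXT_ID_RE = re.compile(r"[\\/]extensions[\\/][^\\/]+@([^\\/]+)$", re.IGNORECASE)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    index: int  # position in the log, so the drafted fix keeps log order


def host_is_trusted(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_browser_setting(line: str):
    """IE/FF/CHR setting lines: flag any URL whose host is off the allowlist."""
    if not line.startswith(("IE - ", "FF - ", "CHR - ")):
        return None
    bad = [h for h in URL_RE.findall(line) if not host_is_trusted(h)]
    return f"browser setting points off-allowlist: {', '.join(bad)}" if bad else None


def check_file_entry(line: str):
    """File entries: hidden+system random-named files, add-ons from unknown domains."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, path = m.group("attrs"), m.group("path")
    if "H" in attrs and "S" in attrs and RANDOM_NAME_RE.match(path.rsplit("\\", 1)[-1]):
        return "hidden+system file with a random, extension-less name"
    ext = EXT_ID_RE.search(path)
    if ext and not host_is_trusted(ext.group(1)):
        return f"browser extension from off-allowlist domain {ext.group(1)}"
    return None


def check_ads(line: str):
    m = ADS_RE.match(line)
    return f"alternate data stream of {m.group(1)} bytes on {m.group(2)}" if m else None


def triage(log_text: str) -> list[Finding]:
    lines = [l.rstrip() for l in log_text.splitlines()]
    findings: list[Finding] = []
    bad_scopes = set()  # (hive, GUID) of search scopes flagged in the first pass
    for i, line in enumerate(lines):
        rule = check_browser_setting(line) or check_file_entry(line) or check_ads(line)
        if rule is None:
            continue
        findings.append(Finding(rule, line, i))
        hive, scope = HIVE_RE.match(line), SCOPE_URL_RE.search(line)
        if hive and scope:
            bad_scopes.add((hive.group(1), scope.group(1).upper()))
    # Second pass: a GUID-only DefaultScope pointer carries no URL, so it is only
    # suspicious once the scope it selects has been flagged in the same hive.
    for i, line in enumerate(lines):
        hive, scope = HIVE_RE.match(line), SCOPE_DEFAULT_RE.search(line)
        if hive and scope and (hive.group(1), scope.group(1).upper()) in bad_scopes:
            findings.append(Finding("DefaultScope selects a flagged search scope", line, i))
    return findings


def draft_fix(findings: list[Finding]) -> str:
    """OTL fix syntax: flagged log lines pasted verbatim under ':OTL'. Review by hand first."""
    body = "\n".join(f.line for f in sorted(findings, key=lambda f: f.index))
    return ":OTL\n" + body + "\n"


# Constructed sample modelled on the log in this thread (long cd= parameters trimmed).
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{93C0173A-B512-439B-B0B4-A58339748460}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}
[2012/05/30 18:01:49 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions\ffxtlbr@funmoods.com
[2012/01/12 23:30:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\ProgramData\660m8dr7khcg
[2012/06/05 15:26:23 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:067BF339
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("\n".join(f"{f.rule}\n    {f.line}" for f in found), draft_fix(found), sep="\n\n")
```

Treat the output as a worksheet, not a verdict: the random-name rule lists the same -HS- files the helper chose to remove here, but it cannot tell a dropper's data file from a legitimate program's hidden one, so the draft still needs the human review the helper gave it before anything goes under :OTL. Keying flagged scopes by hive matters: in this log {0633EE93-D776-472f-A0FF-E1416B8B2E3A} is Funmoods under HKLM but Bing under HKCU, so a GUID-only match would remove the wrong entry.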

#15 carolannh (Topic Starter)

  • Members
  • 84 posts

Posted 06 June 2012 - 03:14 PM

OTL logfile created on: 6/6/2012 3:55:59 PM - Run 2
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\mommy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000540A | Country: United States | Language: EST | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 44.23% Memory free
5.92 Gb Paging File | 3.85 Gb Available in Paging File | 65.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.85 Gb Total Space | 24.81 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 7.63 Gb Free Space | 25.21% Space Free | Partition Type: NTFS
Drive E: | 113.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOMMY-PC | User Name: mommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mommy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DigitalLifeboat\Data Protection Service\DigitalLifeboatClientApp.exe (Digital Lifeboat)
PRC - C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionUpdateService.exe (Digital Lifeboat, Inc.)
PRC - C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)
PRC - C:\Program Files\Immunet\3.0.5\agent.exe (Sourcefire, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f1241239a9b8229f91ce55d230fad38c\System.Messaging.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5abddd1112204bd1e3347be519eaa28f\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Immunet\3.0.5\dhr.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\System32\370prop.ax ()
MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Digital Lifeboat Update Service) -- C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionUpdateService.exe (Digital Lifeboat, Inc.)
SRV - (Digital Lifeboat Backup Service) -- C:\Program Files\DigitalLifeboat\Data Protection Service\DataProtectionService.exe (Digital Lifeboat, Inc)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (szserver) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (scan) -- C:\Program Files\Immunet\tetra\scan.dll (S.C. BitDefender S.R.L)
SRV - (ImmunetProtect) -- C:\Program Files\Immunet\3.0.5\agent.exe (Sourcefire, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (DDNIService) -- C:\Program Files\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
SRV - (DDNIMSGService) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (WinRing0_1_2_0) -- D:\test\ECECECEC\WinRing0.sys File not found
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (aswMBR) -- C:\Users\mommy\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (szkgfs) -- C:\Windows\System32\drivers\SZKGFS.sys (iS3, Inc.)
DRV - (Trufos) -- C:\Windows\System32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (ImmunetProtectDriver) -- C:\Windows\System32\drivers\ImmunetProtect.sys (Windows ® Win 7 DDK provider)
DRV - (ImmunetSelfProtectDriver) -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys (Windows ® Win 7 DDK provider)
DRV - (szkg5) -- C:\Windows\System32\drivers\SZKG.sys (iS3 Inc.)
DRV - (is3srv) -- C:\Windows\System32\drivers\is3srv.sys (iS3 Inc.)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows ® Codename Longhorn DDK provider)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
IE - HKLM\..\SearchScopes\{5B96EF18-C40E-FC59-EE06-11CA218F3579}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460}
IE - HKCU\..\SearchScopes,DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{5B96EF18-C40E-FC59-EE06-11CA218F3579}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{93C0173A-B512-439B-B0B4-A58339748460}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "Yahoo"
FF - prefs.js..backup.old.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?hl=en&shva=1"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\mommy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/07 17:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/15 11:22:40 | 000,000,000 | ---D | M]

[2010/09/23 16:45:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mommy\AppData\Roaming\Mozilla\Extensions
[2012/06/03 20:38:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions
[2011/04/25 22:17:23 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions\chromifox@altmusictv.com
[2012/05/30 18:01:49 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions\ffxtlbr@funmoods.com
[2012/05/30 18:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\jetpack\FantapperExtension@brandaffinity.net
[2012/05/30 18:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\jetpack\FantapperExtension@brandaffinity.net\simple-storage
[2011/11/01 20:27:34 | 000,001,504 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\imdb.xml
[2011/10/08 16:08:30 | 000,000,705 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster-1.xml
[2010/11/22 21:23:57 | 000,000,705 | -H-- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster.xml
[2011/10/15 00:29:27 | 000,002,057 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\youtube-video-search.xml
[2012/03/05 18:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/12 23:30:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/03 20:38:39 | 000,202,062 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\{AA052FD6-366A-4771-A591-0D8DC551585D}.XPI
[2012/05/30 18:00:21 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
[2012/05/07 17:39:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/26 10:12:41 | 000,304,504 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2012/03/03 19:44:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/03 19:44:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mommy\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\mommy\AppData\Local\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mommy\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mommy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: ShopAtHome.com extension = C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.0.0_0\
CHR - Extension: AT_Oscar = C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphgjnagopjcejpncakmojifbeakeilb\3_1\

O1 HOSTS File: ([2011/07/25 16:21:32 | 000,000,042 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Digital Lifeboat Client Application] C:\Program Files\DigitalLifeboat\Data Protection Service\DigitalLifeboatClientApp.exe (Digital Lifeboat)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet\3.0.5\iptray.exe (Immunet)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.2.28.14 63.162.197.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BADB65D-981F-4F80-BFB9-915EDEAB5D6E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A914467C-124F-4594-9691-EAEB78AF21AF}: DhcpNameServer = 71.2.28.14 63.162.197.99
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/06/19 08:56:51 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 23:34:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\mommy\Desktop\OTL.exe
[2012/06/05 18:40:59 | 000,000,000 | -H-D | C] -- C:\Lifeboat Restore Working
[2012/06/05 16:08:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\mommy\Desktop\aswMBR.exe
[2012/06/05 16:05:53 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mommy\Desktop\tdsskiller.exe
[2012/06/05 15:27:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/05 15:24:56 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/05 15:09:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/05 15:04:36 | 004,538,040 | R--- | C] (Swearware) -- C:\Users\mommy\Desktop\ComboFix.exe
[2012/06/02 01:27:58 | 000,000,000 | ---D | C] -- C:\Users\mommy\Desktop\gmer
[2012/06/02 01:23:43 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/01 23:52:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\mommy\Desktop\dds.scr
[2012/06/01 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/06/01 21:18:34 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSSTDFMT.DLL
[2012/06/01 21:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/05/30 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\mommy\Documents\Vuze Downloads
[2012/05/30 18:12:40 | 000,000,000 | ---D | C] -- C:\Users\mommy\.swt
[2012/05/30 18:12:36 | 000,000,000 | ---D | C] -- C:\Users\mommy\AppData\Roaming\Azureus
[2012/05/30 18:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2012/05/30 18:07:31 | 009,740,728 | ---- | C] (Vuze Inc.) -- C:\Users\mommy\Documents\Vuze_Installer.exe
[2012/05/30 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods
[2012/05/30 17:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/05/29 17:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012/05/29 17:47:19 | 006,379,928 | ---- | C] (BitTorrent, Inc.) -- C:\Users\mommy\Documents\BitTorrent.exe
[2012/05/22 16:41:48 | 000,000,000 | ---D | C] -- C:\Users\mommy\Documents\tonybarkercarestimate_files
[2012/05/19 02:22:36 | 000,000,000 | ---D | C] -- C:\Users\mommy\Documents\statistics @SCC 2012
[2012/05/08 17:03:38 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/08 17:03:38 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/08 17:03:38 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/08 16:56:52 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/07 17:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/07 17:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/06/06 16:01:37 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/06 15:51:07 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005UA.job
[2012/06/06 15:51:02 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005UA.job
[2012/06/06 15:49:51 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012/06/06 12:04:15 | 000,000,298 | ---- | M] () -- C:\windows\tasks\Immunet Scan 1551726.job
[2012/06/05 23:52:31 | 000,002,088 | ---- | M] () -- C:\windows\System32\drivers\kgpfr2.cfg
[2012/06/05 23:52:30 | 000,003,784 | ---- | M] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2012/06/05 23:47:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005Core.job
[2012/06/05 23:35:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mommy\Desktop\OTL.exe
[2012/06/05 21:07:41 | 000,000,512 | ---- | M] () -- C:\Users\mommy\Desktop\MBR.dat
[2012/06/05 17:56:03 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3120601830-1121106676-2442682348-1005Core.job
[2012/06/05 16:10:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mommy\Desktop\aswMBR.exe
[2012/06/05 16:06:23 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mommy\Desktop\tdsskiller.exe
[2012/06/05 15:36:22 | 000,009,920 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 15:36:22 | 000,009,920 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 15:26:23 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/05 15:05:49 | 004,538,040 | R--- | M] (Swearware) -- C:\Users\mommy\Desktop\ComboFix.exe
[2012/06/05 14:01:21 | 000,853,862 | ---- | M] () -- C:\Users\mommy\Desktop\SecurityCheck.exe
[2012/06/02 12:31:20 | 000,294,216 | ---- | M] () -- C:\Users\mommy\Desktop\gmer.zip
[2012/06/02 01:27:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/02 01:23:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 23:52:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\mommy\Desktop\dds.scr
[2012/06/01 21:18:37 | 000,001,041 | ---- | M] () -- C:\Users\mommy\Desktop\SpywareBlaster.lnk
[2012/05/31 10:28:13 | 000,511,400 | ---- | M] () -- C:\Users\mommy\Desktop\OfficeInstaller.exe
[2012/05/31 10:19:46 | 000,001,859 | ---- | M] () -- C:\Users\mommy\Desktop\Download Microsoft_Office_Word_2007.lnk
[2012/05/30 20:14:52 | 000,348,071 | ---- | M] () -- C:\Users\mommy\Documents\Top10Booksgraph.png
[2012/05/30 18:12:00 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/05/30 18:12:00 | 000,001,798 | ---- | M] () -- C:\Users\mommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/05/30 18:09:17 | 009,740,728 | ---- | M] (Vuze Inc.) -- C:\Users\mommy\Documents\Vuze_Installer.exe
[2012/05/30 18:00:40 | 000,302,425 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods-speeddial.crx
[2012/05/30 18:00:40 | 000,031,470 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods.crx
[2012/05/29 17:49:53 | 000,000,961 | ---- | M] () -- C:\Users\mommy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/29 17:49:53 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/29 17:48:37 | 006,379,928 | ---- | M] (BitTorrent, Inc.) -- C:\Users\mommy\Documents\BitTorrent.exe
[2012/05/26 16:24:37 | 000,000,355 | ---- | M] () -- C:\Users\mommy\Documents\Computer - Shortcut.lnk
[2012/05/22 16:41:48 | 000,151,591 | ---- | M] () -- C:\Users\mommy\Documents\tonybarkercarestimate.htm
[2012/05/21 21:36:29 | 000,011,408 | ---- | M] () -- C:\Users\mommy\Documents\serenade of hell.odt
[2012/05/15 11:50:03 | 000,624,412 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/15 11:50:03 | 000,106,756 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/10 22:28:31 | 000,021,683 | ---- | M] () -- C:\Users\mommy\Documents\Joey Cats.odt
[2012/05/09 03:47:00 | 000,471,080 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/07 22:30:26 | 000,018,984 | ---- | M] () -- C:\Users\mommy\Documents\Regeneration Rough Draft.odt

========== Files Created - No Company Name ==========

[2012/06/05 21:07:41 | 000,000,512 | ---- | C] () -- C:\Users\mommy\Desktop\MBR.dat
[2012/06/05 15:27:41 | 000,002,088 | ---- | C] () -- C:\windows\System32\drivers\kgpfr2.cfg
[2012/06/05 15:27:36 | 000,003,784 | ---- | C] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2012/06/05 14:00:30 | 000,853,862 | ---- | C] () -- C:\Users\mommy\Desktop\SecurityCheck.exe
[2012/06/02 01:22:13 | 000,294,216 | ---- | C] () -- C:\Users\mommy\Desktop\gmer.zip
[2012/06/01 21:18:37 | 000,001,041 | ---- | C] () -- C:\Users\mommy\Desktop\SpywareBlaster.lnk
[2012/05/31 10:28:05 | 000,511,400 | ---- | C] () -- C:\Users\mommy\Desktop\OfficeInstaller.exe
[2012/05/30 20:12:23 | 000,348,071 | ---- | C] () -- C:\Users\mommy\Documents\Top10Booksgraph.png
[2012/05/30 18:12:00 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/05/30 18:12:00 | 000,001,798 | ---- | C] () -- C:\Users\mommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/05/30 18:12:00 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2012/05/30 18:00:43 | 000,302,425 | ---- | C] () -- C:\Users\mommy\AppData\Local\funmoods-speeddial.crx
[2012/05/30 18:00:43 | 000,031,470 | ---- | C] () -- C:\Users\mommy\AppData\Local\funmoods.crx
[2012/05/30 18:00:18 | 000,001,859 | ---- | C] () -- C:\Users\mommy\Desktop\Download Microsoft_Office_Word_2007.lnk
[2012/05/29 17:49:53 | 000,000,961 | ---- | C] () -- C:\Users\mommy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/29 17:49:53 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/26 16:24:37 | 000,000,355 | ---- | C] () -- C:\Users\mommy\Documents\Computer - Shortcut.lnk
[2012/05/22 16:41:47 | 000,151,591 | ---- | C] () -- C:\Users\mommy\Documents\tonybarkercarestimate.htm
[2012/05/21 21:36:27 | 000,011,408 | ---- | C] () -- C:\Users\mommy\Documents\serenade of hell.odt
[2012/05/07 21:19:17 | 000,018,984 | ---- | C] () -- C:\Users\mommy\Documents\Regeneration Rough Draft.odt
[2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\Users\mommy\AppData\Local\660m8dr7khcg
[2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\ProgramData\660m8dr7khcg
[2011/12/20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\Users\mommy\AppData\Local\31w2v585n3rjh8b84r8ro
[2011/12/20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\ProgramData\31w2v585n3rjh8b84r8ro
[2011/12/05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\Users\mommy\AppData\Local\v6ty32s6fy3mfn
[2011/12/05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\ProgramData\v6ty32s6fy3mfn
[2011/07/06 23:58:19 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/07/03 14:37:09 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/07/03 14:37:09 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/07/03 14:37:09 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\Users\mommy\AppData\Local\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
[2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\ProgramData\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
[2011/06/06 17:39:47 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~26140408r
[2010/12/10 19:52:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/07 00:56:58 | 000,056,320 | -H-- | C] () -- C:\Users\mommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< :OTL >

< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = <http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182> >
Invalid Switch: ?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182>

< IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460} >

< IE - HKCU\..\SearchScopes,DefaultScope = {93C0173A-B512-439B-B0B4-A58339748460} >

< IE - HKCU\..\SearchScopes\{93C0173A-B512-439B-B0B4-A58339748460}: "URL" = <http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtBtD0CtB0E0C0F0AzytDtN0D0TzutBtDtCtBtDyDtAtD&cr=1693681182> >

< [2012/05/30 18:01:49 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions\ffxtlbr@funmoods.com >
Invalid Switch: 30 18:01:49 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\extensions\ffxtlbr@funmoods.com

< [2011/11/01 20:27:34 | 000,001,504 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\imdb.xml >
Invalid Switch: 01 20:27:34 | 000,001,504 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\imdb.xml

< [2011/10/08 16:08:30 | 000,000,705 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster-1.xml >
Invalid Switch: 08 16:08:30 | 000,000,705 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster-1.xml

< [2010/11/22 21:23:57 | 000,000,705 | -H-- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster.xml >
Invalid Switch: 22 21:23:57 | 000,000,705 | -H-- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\webster.xml

< [2011/10/15 00:29:27 | 000,002,057 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\youtube-video-search.xml >
Invalid Switch: 15 00:29:27 | 000,002,057 | ---- | M] () -- C:\Users\mommy\AppData\Roaming\Mozilla\Firefox\Profiles\qrjwhz67.default\searchplugins\youtube-video-search.xml

< [2012/06/03 20:38:39 | 000,202,062 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\{AA052FD6-366A-4771-A591-0D8DC551585D}.XPI >
Invalid Switch: 03 20:38:39 | 000,202,062 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\{AA052FD6-366A-4771-A591-0D8DC551585D}.XPI

< [2012/05/30 18:00:21 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI >
Invalid Switch: 30 18:00:21 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\MOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QRJWHZ67.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI

< [2012/05/30 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods >
Invalid Switch: 30 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods

< [2012/05/30 17:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload >
Invalid Switch: 30 17:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload

< [2012/05/30 18:00:40 | 000,302,425 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods-speeddial.crx >
Invalid Switch: 30 18:00:40 | 000,302,425 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods-speeddial.crx

< [2012/05/30 18:00:40 | 000,031,470 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods.crx >
Invalid Switch: 30 18:00:40 | 000,031,470 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods.crx

< [2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\Users\mommy\AppData\Local\660m8dr7khcg >
Invalid Switch: 29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\Users\mommy\AppData\Local\660m8dr7khcg

< [2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\ProgramData\660m8dr7khcg >
Invalid Switch: 29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\ProgramData\660m8dr7khcg

< [2011/12/20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\Users\mommy\AppData\Local\31w2v585n3rjh8b84r8ro >
Invalid Switch: 20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\Users\mommy\AppData\Local\31w2v585n3rjh8b84r8ro

< [2011/12/20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\ProgramData\31w2v585n3rjh8b84r8ro >
Invalid Switch: 20 01:11:21 | 000,001,688 | -HS- | C] () -- C:\ProgramData\31w2v585n3rjh8b84r8ro

< [2011/12/05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\Users\mommy\AppData\Local\v6ty32s6fy3mfn >
Invalid Switch: 05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\Users\mommy\AppData\Local\v6ty32s6fy3mfn

< [2011/12/05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\ProgramData\v6ty32s6fy3mfn >
Invalid Switch: 05 18:17:38 | 000,009,416 | -HS- | C] () -- C:\ProgramData\v6ty32s6fy3mfn

< [2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\Users\mommy\AppData\Local\deow1vg58852bdtc3g62w37712kpxb620d03722ipd >
Invalid Switch: 13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\Users\mommy\AppData\Local\deow1vg58852bdtc3g62w37712kpxb620d03722ipd

< [2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\ProgramData\deow1vg58852bdtc3g62w37712kpxb620d03722ipd >
Invalid Switch: 13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\ProgramData\deow1vg58852bdtc3g62w37712kpxb620d03722ipd

< @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:067BF339 >

< @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34 >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< :Commands >

< [PURITY] >

< [emptyjava] >

< [EMPTYFLASH] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:067BF339
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
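An added example, not part of the original thread and not OTL's own code: a small Python triage script that parses OTL file-listing lines of the form shown above (`[date | size | attrs | C/M] (company) -- path`, plus the `@Alternate Data Stream` lines) and flags the entries a helper would normally ask about first. The rules are my own heuristics, not a verdict: anything named `funmoods` (the hijacker this thread is about), `.crx` extension packages dropped in `AppData\Local` rather than in a browser profile, hidden+system files with random-looking extensionless names directly under `C:\ProgramData` or `AppData\Local`, and alternate data streams. The sample input is constructed from lines copied out of the log above plus two known-good entries so the rules have something to leave alone.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the OTL log in this thread, plus two
# benign entries (ntoskrnl.exe, ProgramData\Mozilla) that must NOT be flagged.
SAMPLE_LOG = r"""
[2012/05/08 17:03:38 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/07 17:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/30 18:00:40 | 000,302,425 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods-speeddial.crx
[2012/05/30 18:00:40 | 000,031,470 | ---- | M] () -- C:\Users\mommy\AppData\Local\funmoods.crx
[2011/12/29 10:10:06 | 000,009,336 | -HS- | C] () -- C:\ProgramData\660m8dr7khcg
[2011/06/13 02:05:06 | 000,010,240 | -HS- | C] () -- C:\Users\mommy\AppData\Local\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
[2010/12/10 19:52:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/06/05 21:07:41 | 000,000,512 | ---- | C] () -- C:\Users\mommy\Desktop\MBR.dat
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:067BF339
"""

# OTL file line: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
# The "(company)" group is absent on directory entries, hence optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Heuristic (my assumption, not an OTL rule): an extensionless lowercase
# alphanumeric name of 8+ chars containing at least one digit looks generated.
RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8,}$")


@dataclass
class Entry:
    path: str
    attrs: str = "----"          # OTL attribute flags, e.g. "-HS-" = hidden+system
    size: int = 0
    company: str = ""
    ads_bytes: Optional[int] = None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file or ADS line; return None for anything else."""
    m = FILE_RE.match(line)
    if m:
        return Entry(path=m["path"], attrs=m["attr"],
                     size=int(m["size"].replace(",", "")),
                     company=m["company"] or "")
    m = ADS_RE.match(line)
    if m:
        return Entry(path=m["path"], ads_bytes=int(m["bytes"]))
    return None


def triage(e: Entry) -> List[str]:
    """Return the list of reasons an entry deserves a manual look (empty = skip)."""
    reasons: List[str] = []
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    parent = p[: len(p) - len(name)]
    in_drop_dir = parent == "c:\\programdata\\" or parent.endswith("\\appdata\\local\\")

    if e.ads_bytes is not None:
        reasons.append("alternate data stream (%d bytes)" % e.ads_bytes)
    if "funmoods" in p:
        reasons.append("funmoods component (the hijacker named in this thread)")
    if p.endswith(".crx") and "\\appdata\\local\\" in parent:
        reasons.append("Chrome extension package dropped outside a browser profile")
    if "H" in e.attrs and "S" in e.attrs and in_drop_dir and RANDOM_NAME.match(name):
        reasons.append("hidden+system file with random-looking name in a drop directory")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged and unparsed lines are dropped."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line.strip())
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file contents; the output is a shortlist to check by hand (upload hashes, inspect the `.crx` manifests, read the ADS contents), not a removal list.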
