Google Redirects & Pc always thinking..


  • This topic is locked
20 replies to this topic

#1 MistyC

  • Members
  • 145 posts
  • Gender: Female
  • Location: Riceboro, GA

Posted 11 September 2012 - 12:37 PM

I tried to run the DDS but it kept locking up the PC. I ran the other one though & it is here.. TY for your help! This is a Windows XP built PC. I can find out whatever you may need to know! We are running Firefox mainly, but also have IE

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-11 13:05:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: J:\DOCUME~1\dad\LOCALS~1\Temp\pxtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xA3AAE0DA]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA3AAECA6]
SSDT \??\J:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys ZwCreateThread [0xA3C3B5E0]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xA3AAEEB8]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xA3AB2714]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xA3AB2756]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xA3AB28FA]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xA3AAEDCA]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xA3AAE282]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xA3AAE482]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xA3AAE5C2]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xA3AB285E]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xA3AB27A8]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xA3AB27EA]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xA3AB2824]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xA3AAE068]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xA3AAEF6A]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xA3AB269C]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xA3AADFE6]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xA3AADEEE]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xA3AADF46]

---- Kernel code sections - GMER 1.0.15 ----

.text J:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5EDE3A0, 0x5FE082, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414FF0 J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
.text J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022
.text J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71AE0022
.text J:\Program Files\Xfire\Xfire.exe[2264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 047837AC J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 04783150 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 04782BC8 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 04782B2D J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 04782A99 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0478329B J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 047833E9 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 047831F7 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!InvalidateRect 7E428FD5 5 Bytes JMP 04782D10 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 04782A05 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 04782EE4 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 04782F7C J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!RedrawWindow 7E429944 5 Bytes JMP 04783017 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0478333F J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!IsWindowVisible 7E429E3D 7 Bytes JMP 0478353A J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!SetFocus 7E42B112 5 Bytes JMP 04782C78 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 04782E4C J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!InvalidateRgn 7E42CDFE 5 Bytes JMP 04782DAE J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 04783481 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 047830B8 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Xfire\Xfire.exe[2264] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 04783702 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011C0C00 J:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028EAFF3 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013F7B4C J:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 028EB0F3 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 013F7B29 J:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 011C3FAC J:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 013F7AAA J:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text J:\program files\real\realplayer\update\realsched.exe[4088] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device InCDFs.sys (InCD File System Driver/Nero AG)

---- EOF - GMER 1.0.15 ----
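The GMER log above has two hook sections that are worth reading side by side: the SSDT entries (kernel-mode hooks, each attributed to a driver and, where GMER can resolve it, a vendor) and the user-mode `.text` entries (inline patches in a process's copy of a DLL export, usually a `JMP` into some other module). The parser below, an added example that is neither GMER's own code nor anything the helper in this thread posted, reads both formats, groups every hook by the module that installed it, and applies one triage heuristic that is this example's own assumption rather than a finding from the thread: a `JMP` into a module that lives outside the hooked process's own directory gets listed for a second look. `SAMPLE_GMER_LOG` is a constructed excerpt in the same format as the log posted above.

```python
"""Parse the SSDT and user-code sections of a GMER 1.0.15 log and group the
hooks by the module that installed them. Added example for this thread; it is
not GMER's code and not something the helper posted. SAMPLE_GMER_LOG is a
constructed excerpt in the same format as the log above."""
import re
from collections import defaultdict

SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA3AAECA6]
SSDT \??\J:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys ZwCreateThread [0xA3C3B5E0]
SSDT \??\J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xA3AADEEE]

---- User code sections - GMER 1.0.15 ----

.text J:\Program Files\Xfire\Xfire.exe[2264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 047837AC J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028EAFF3 J:\Program Files\Xfire\xfire_toucan_44507.dll (Xfire Toucan DLL/Xfire Inc.)
.text J:\Program Files\Mozilla Firefox\firefox.exe[2536] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013F7B4C J:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
.text J:\program files\real\realplayer\update\realsched.exe[4088] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
"""

# SSDT <module> [(<vendor>)] <ZwFunction> [<handler address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# .text <process>[<pid>] <dll!export>[ + <offset>] <address> <n> Bytes <patch...>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.+)$")
# The patch is either a JMP/CALL to a destination (optionally resolved by GMER
# to a module and vendor) or raw bytes plus a disassembly, treated here as INLINE.
PATCH_RE = re.compile(
    r"^(?P<kind>JMP|CALL)\s+(?P<dest>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<module>.+?)(?:\s+\((?P<vendor>[^)]*)\))?)?$")


def parse_gmer(text):
    """Return (ssdt_hooks, user_hooks), each a list of dicts, from a GMER log."""
    ssdt, user = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt.append(m.groupdict())
            continue
        m = HOOK_RE.match(line)
        if m:
            rec = m.groupdict()
            p = PATCH_RE.match(rec["patch"])
            rec["kind"] = p["kind"] if p else "INLINE"
            rec["dest"] = p["dest"] if p else None
            rec["module"] = p["module"] if p else None
            rec["vendor"] = p["vendor"] if p else None
            user.append(rec)
    return ssdt, user


def hooks_by_module(ssdt, user):
    """Map each hooking module to the sorted list of functions it hooks."""
    out = defaultdict(set)
    for h in ssdt:
        out[h["module"]].add(h["func"])
    for h in user:
        if h["module"]:
            out[h["module"]].add(h["target"])
    return {mod: sorted(funcs) for mod, funcs in out.items()}


def _dirname(path):
    # Case-insensitive directory part of a Windows path.
    return path.rsplit("\\", 1)[0].lower()


def foreign_hooks(user):
    """Triage heuristic (this example's assumption, not a verdict from the thread):
    a JMP into a module outside the hooked process's own directory is worth a
    look, since that is what both injected code and legitimate overlays look like."""
    return [(h["process"], h["target"], h["module"]) for h in user
            if h["module"] and _dirname(h["module"]) != _dirname(h["process"])]


if __name__ == "__main__":
    ssdt_hooks, user_hooks = parse_gmer(SAMPLE_GMER_LOG)
    for mod, funcs in hooks_by_module(ssdt_hooks, user_hooks).items():
        print(f"{mod}\n    hooks: {', '.join(funcs)}")
    for proc, target, mod in foreign_hooks(user_hooks):
        print(f"cross-directory hook: {proc} {target} -> {mod}")
```

Run against the sample, the heuristic lists only the Xfire overlay DLL patching `kernel32.dll!LoadLibraryA` inside `firefox.exe`; the log's own vendor attribution (`Xfire Inc.`) explains it, and the Trusteer and `xul.dll` hooks all come from their own program directories. Entries without a resolved module (the `CALL` and the inline `XOR EAX, EAX; RET` patch) are kept in the parsed output but never flagged, because there is no module to compare.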


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 12 September 2012 - 12:25 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 MistyC (Topic Starter)

  • Members
  • 145 posts
  • Gender: Female
  • Location: Riceboro, GA

Posted 13 September 2012 - 06:34 AM

Okay here is the first one.. I still can not run DDS. I have turned off everything I can.. It still gets stuck & just sits there. I let it sit for about 30 minutes this time. It would not finish & locked up the pc. I had to do a force restart. Here is the first one though..

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 2.0.2
CCleaner
Java™ 6 Update 26
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 12.0.742.112
Google Chrome 12.0.742.122
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive J:: 2%
````````````````````End of Log``````````````````````

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 13 September 2012 - 07:10 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

Information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 MistyC (Topic Starter)

  • Members
  • 145 posts
  • Gender: Female
  • Location: Riceboro, GA

Posted 14 September 2012 - 01:52 PM

ok I give up.. I can not get Combofix to run.. I left it alone, no one touching the computer, and it still would not run. I do have to say that the computer doesn't seem to be running non-stop any more. And it seems to be going to the links like it should be.. don't want to jinx it too bad.. But what would you like me to do?

Thanks

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 14 September 2012 - 05:16 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 MistyC (Topic Starter)

  • Members
  • 145 posts
  • Gender: Female
  • Location: Riceboro, GA

Posted 15 September 2012 - 12:36 PM

12:13:57.0656 7792 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:13:58.0015 7792 ============================================================
12:13:58.0015 7792 Current date / time: 2012/09/15 12:13:58.0015
12:13:58.0015 7792 SystemInfo:
12:13:58.0015 7792
12:13:58.0015 7792 OS Version: 5.1.2600 ServicePack: 3.0
12:13:58.0015 7792 Product type: Workstation
12:13:58.0015 7792 ComputerName: DADS
12:13:58.0015 7792 UserName: dad
12:13:58.0015 7792 Windows directory: J:\WINDOWS
12:13:58.0015 7792 System windows directory: J:\WINDOWS
12:13:58.0015 7792 Processor architecture: Intel x86
12:13:58.0015 7792 Number of processors: 4
12:13:58.0015 7792 Page size: 0x1000
12:13:58.0015 7792 Boot type: Normal boot
12:13:58.0015 7792 ============================================================
12:13:58.0531 7792 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
12:13:58.0546 7792 ============================================================
12:13:58.0546 7792 \Device\Harddisk0\DR0:
12:13:58.0546 7792 MBR partitions:
12:13:58.0546 7792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
12:13:58.0546 7792 ============================================================
12:13:58.0578 7792 J: <-> \Device\Harddisk0\DR0\Partition1
12:13:58.0578 7792 ============================================================
12:13:58.0578 7792 Initialize success
12:13:58.0578 7792 ============================================================
12:14:08.0343 7864 ============================================================
12:14:08.0343 7864 Scan started
12:14:08.0343 7864 Mode: Manual;
12:14:08.0343 7864 ============================================================
12:14:08.0578 7864 ================ Scan system memory ========================
12:14:08.0593 7864 System memory - ok
12:14:08.0593 7864 ================ Scan services =============================
12:14:08.0718 7864 Abiosdsk - ok
12:14:08.0718 7864 abp480n5 - ok
12:14:08.0859 7864 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI J:\WINDOWS\system32\DRIVERS\ACPI.sys
12:14:08.0859 7864 ACPI - ok
12:14:08.0937 7864 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC J:\WINDOWS\system32\drivers\ACPIEC.sys
12:14:08.0937 7864 ACPIEC - ok
12:14:09.0000 7864 [ EE97365199D656DDF3197FFDB091EADF ] ADIDTSFiltService J:\WINDOWS\system32\drivers\adidts.sys
12:14:09.0000 7864 ADIDTSFiltService - ok
12:14:09.0062 7864 [ 0158F4027C0808FF65ED3B3D683339C9 ] ADIHdAudAddService J:\WINDOWS\system32\drivers\ADIHdAud.sys
12:14:09.0078 7864 ADIHdAudAddService - ok
12:14:09.0156 7864 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc J:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:14:09.0156 7864 AdobeFlashPlayerUpdateSvc - ok
12:14:09.0156 7864 adpu160m - ok
12:14:09.0171 7864 [ 358063AB6C1C4173B735525CDFA65F94 ] AEAudio J:\WINDOWS\system32\drivers\AEAudio.sys
12:14:09.0171 7864 AEAudio - ok
12:14:09.0218 7864 [ 8BED39E3C35D6A489438B8141717A557 ] aec J:\WINDOWS\system32\drivers\aec.sys
12:14:09.0218 7864 aec - ok
12:14:09.0281 7864 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD J:\WINDOWS\System32\drivers\afd.sys
12:14:09.0296 7864 AFD - ok
12:14:09.0296 7864 Aha154x - ok
12:14:09.0296 7864 aic78u2 - ok
12:14:09.0312 7864 aic78xx - ok
12:14:09.0406 7864 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter J:\WINDOWS\system32\alrsvc.dll
12:14:09.0406 7864 Alerter - ok
12:14:09.0406 7864 [ 8C515081584A38AA007909CD02020B3D ] ALG J:\WINDOWS\System32\alg.exe
12:14:09.0406 7864 ALG - ok
12:14:09.0421 7864 AliIde - ok
12:14:09.0484 7864 [ 6F6021CAD9822AAD1B249ED23204E590 ] Amfilter J:\WINDOWS\system32\DRIVERS\Amfilter.sys
12:14:09.0484 7864 Amfilter - ok
12:14:09.0484 7864 amsint - ok
12:14:09.0515 7864 [ 430375398FB4271F6883B7F4C59EECC3 ] Amusbprt J:\WINDOWS\system32\DRIVERS\Amusbprt.sys
12:14:09.0515 7864 Amusbprt - ok
12:14:09.0625 7864 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device J:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:14:09.0625 7864 Apple Mobile Device - ok
12:14:09.0640 7864 AppMgmt - ok
12:14:09.0671 7864 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 J:\WINDOWS\system32\DRIVERS\arp1394.sys
12:14:09.0671 7864 Arp1394 - ok
12:14:09.0671 7864 asc - ok
12:14:09.0687 7864 asc3350p - ok
12:14:09.0687 7864 asc3550 - ok
12:14:09.0781 7864 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state J:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:14:09.0781 7864 aspnet_state - ok
12:14:09.0781 7864 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac J:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:14:09.0781 7864 AsyncMac - ok
12:14:09.0796 7864 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi J:\WINDOWS\system32\DRIVERS\atapi.sys
12:14:09.0796 7864 atapi - ok
12:14:09.0796 7864 Atdisk - ok
12:14:09.0859 7864 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc J:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:14:09.0859 7864 Atmarpc - ok
12:14:09.0875 7864 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv J:\WINDOWS\System32\audiosrv.dll
12:14:09.0875 7864 AudioSrv - ok
12:14:09.0921 7864 [ D9F724AA26C010A217C97606B160ED68 ] audstub J:\WINDOWS\system32\DRIVERS\audstub.sys
12:14:09.0921 7864 audstub - ok
12:14:09.0937 7864 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt J:\WINDOWS\System32\Drivers\BANTExt.sys
12:14:09.0937 7864 BANTExt - ok
12:14:10.0000 7864 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep J:\WINDOWS\system32\drivers\Beep.sys
12:14:10.0000 7864 Beep - ok
12:14:10.0046 7864 [ 574738F61FCA2935F5265DC4E5691314 ] BITS J:\WINDOWS\system32\qmgr.dll
12:14:10.0125 7864 BITS - ok
12:14:10.0140 7864 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service J:\Program Files\Bonjour\mDNSResponder.exe
12:14:10.0156 7864 Bonjour Service - ok
12:14:10.0203 7864 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser J:\WINDOWS\System32\browser.dll
12:14:10.0203 7864 Browser - ok
12:14:10.0250 7864 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k J:\WINDOWS\system32\drivers\cbidf2k.sys
12:14:10.0250 7864 cbidf2k - ok
12:14:10.0250 7864 cd20xrnt - ok
12:14:10.0265 7864 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio J:\WINDOWS\system32\drivers\Cdaudio.sys
12:14:10.0265 7864 Cdaudio - ok
12:14:10.0265 7864 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs J:\WINDOWS\system32\drivers\Cdfs.sys
12:14:10.0281 7864 Cdfs - ok
12:14:10.0359 7864 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom J:\WINDOWS\system32\DRIVERS\cdrom.sys
12:14:10.0359 7864 Cdrom - ok
12:14:10.0375 7864 Changer - ok
12:14:10.0421 7864 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc J:\WINDOWS\system32\cisvc.exe
12:14:10.0421 7864 CiSvc - ok
12:14:10.0468 7864 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv J:\WINDOWS\system32\clipsrv.exe
12:14:10.0468 7864 ClipSrv - ok
12:14:10.0578 7864 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 J:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:14:10.0656 7864 clr_optimization_v2.0.50727_32 - ok
12:14:10.0718 7864 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 J:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:14:10.0718 7864 clr_optimization_v4.0.30319_32 - ok
12:14:10.0734 7864 CmdIde - ok
12:14:10.0734 7864 COMSysApp - ok
12:14:10.0750 7864 Cpqarray - ok
12:14:10.0750 7864 crhqlj - ok
12:14:10.0750 7864 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc J:\WINDOWS\System32\cryptsvc.dll
12:14:10.0765 7864 CryptSvc - ok
12:14:10.0765 7864 dac2w2k - ok
12:14:10.0765 7864 dac960nt - ok
12:14:10.0828 7864 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch J:\WINDOWS\system32\rpcss.dll
12:14:10.0828 7864 DcomLaunch - ok
12:14:10.0843 7864 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp J:\WINDOWS\System32\dhcpcsvc.dll
12:14:10.0843 7864 Dhcp - ok
12:14:10.0859 7864 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk J:\WINDOWS\system32\DRIVERS\disk.sys
12:14:10.0859 7864 Disk - ok
12:14:10.0875 7864 dmadmin - ok
12:14:10.0921 7864 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot J:\WINDOWS\system32\drivers\dmboot.sys
12:14:10.0937 7864 dmboot - ok
12:14:10.0937 7864 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio J:\WINDOWS\system32\drivers\dmio.sys
12:14:10.0953 7864 dmio - ok
12:14:10.0953 7864 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload J:\WINDOWS\system32\drivers\dmload.sys
12:14:10.0953 7864 dmload - ok
12:14:11.0031 7864 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver J:\WINDOWS\System32\dmserver.dll
12:14:11.0031 7864 dmserver - ok
12:14:11.0062 7864 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic J:\WINDOWS\system32\drivers\DMusic.sys
12:14:11.0062 7864 DMusic - ok
12:14:11.0109 7864 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache J:\WINDOWS\System32\dnsrslvr.dll
12:14:11.0109 7864 Dnscache - ok
12:14:11.0125 7864 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc J:\WINDOWS\System32\dot3svc.dll
12:14:11.0125 7864 Dot3svc - ok
12:14:11.0125 7864 dpti2o - ok
12:14:11.0156 7864 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud J:\WINDOWS\system32\drivers\drmkaud.sys
12:14:11.0156 7864 drmkaud - ok
12:14:11.0203 7864 [ AEF8587C4B0ED482F466B5E76802D383 ] DwProt J:\WINDOWS\system32\drivers\dwprot.sys
12:14:11.0203 7864 DwProt - ok
12:14:11.0234 7864 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost J:\WINDOWS\System32\eapsvc.dll
12:14:11.0234 7864 EapHost - ok
12:14:11.0250 7864 eehpmrla - ok
12:14:11.0250 7864 egqfdaly - ok
12:14:11.0296 7864 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc J:\WINDOWS\System32\ersvc.dll
12:14:11.0296 7864 ERSvc - ok
12:14:11.0359 7864 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog J:\WINDOWS\system32\services.exe
12:14:11.0359 7864 Eventlog - ok
12:14:11.0375 7864 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem J:\WINDOWS\system32\es.dll
12:14:11.0390 7864 EventSystem - ok
12:14:11.0390 7864 [ 38D332A6D56AF32635675F132548343E ] Fastfat J:\WINDOWS\system32\drivers\Fastfat.sys
12:14:11.0390 7864 Fastfat - ok
12:14:11.0421 7864 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility J:\WINDOWS\System32\shsvcs.dll
12:14:11.0421 7864 FastUserSwitchingCompatibility - ok
12:14:11.0437 7864 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc J:\WINDOWS\system32\DRIVERS\fdc.sys
12:14:11.0437 7864 Fdc - ok
12:14:11.0453 7864 ffnqanqj - ok
12:14:11.0515 7864 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips J:\WINDOWS\system32\drivers\Fips.sys
12:14:11.0515 7864 Fips - ok
12:14:11.0531 7864 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk J:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:14:11.0531 7864 Flpydisk - ok
12:14:11.0562 7864 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr J:\WINDOWS\system32\drivers\fltmgr.sys
12:14:11.0562 7864 FltMgr - ok
12:14:11.0671 7864 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 j:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:14:11.0687 7864 FontCache3.0.0.0 - ok
12:14:11.0687 7864 fqvtdmsa - ok
12:14:11.0687 7864 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec J:\WINDOWS\system32\drivers\Fs_Rec.sys
12:14:11.0687 7864 Fs_Rec - ok
12:14:11.0703 7864 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk J:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:14:11.0703 7864 Ftdisk - ok
12:14:11.0703 7864 gckumtdb - ok
12:14:11.0765 7864 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM J:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:14:11.0765 7864 GEARAspiWDM - ok
12:14:11.0781 7864 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc J:\WINDOWS\system32\DRIVERS\msgpc.sys
12:14:11.0796 7864 Gpc - ok
12:14:11.0828 7864 gupdate - ok
12:14:11.0843 7864 gupdatem - ok
12:14:11.0843 7864 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus J:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:14:11.0843 7864 HDAudBus - ok
12:14:11.0906 7864 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc J:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:14:11.0906 7864 helpsvc - ok
12:14:11.0968 7864 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ J:\WINDOWS\System32\hidserv.dll
12:14:11.0968 7864 HidServ - ok
12:14:12.0000 7864 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb J:\WINDOWS\system32\DRIVERS\hidusb.sys
12:14:12.0000 7864 hidusb - ok
12:14:12.0031 7864 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc J:\WINDOWS\System32\kmsvc.dll
12:14:12.0031 7864 hkmsvc - ok
12:14:12.0046 7864 hpn - ok
12:14:12.0062 7864 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 J:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:14:12.0062 7864 HPZid412 - ok
12:14:12.0062 7864 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 J:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:14:12.0062 7864 HPZipr12 - ok
12:14:12.0078 7864 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 J:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:14:12.0078 7864 HPZius12 - ok
12:14:12.0109 7864 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP J:\WINDOWS\system32\Drivers\HTTP.sys
12:14:12.0109 7864 HTTP - ok
12:14:12.0125 7864 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter J:\WINDOWS\System32\w3ssl.dll
12:14:12.0140 7864 HTTPFilter - ok
12:14:12.0156 7864 i2omgmt - ok
12:14:12.0156 7864 i2omp - ok
12:14:12.0171 7864 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt J:\WINDOWS\system32\drivers\i8042prt.sys
12:14:12.0171 7864 i8042prt - ok
12:14:12.0218 7864 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc j:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:14:12.0234 7864 idsvc - ok
12:14:12.0250 7864 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi J:\WINDOWS\system32\DRIVERS\imapi.sys
12:14:12.0250 7864 Imapi - ok
12:14:12.0281 7864 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService J:\WINDOWS\system32\imapi.exe
12:14:12.0296 7864 ImapiService - ok
12:14:12.0343 7864 [ 580A81790CD0A48D85DA322267DA7AC4 ] InCDfs J:\WINDOWS\system32\drivers\InCDFs.sys
12:14:12.0343 7864 InCDfs - ok
12:14:12.0343 7864 [ AAA2789D2CE21B31BE9406BA1CEB7285 ] InCDPass J:\WINDOWS\system32\drivers\InCDPass.sys
12:14:12.0343 7864 InCDPass - ok
12:14:12.0359 7864 [ 4D022577E9072B5D22E0A383A7806BBB ] InCDrec J:\WINDOWS\system32\drivers\InCDrec.sys
12:14:12.0359 7864 InCDrec - ok
12:14:12.0359 7864 [ C258E57321A3C3737F4FA815FA69EE0B ] incdrm J:\WINDOWS\system32\drivers\InCDRm.sys
12:14:12.0359 7864 incdrm - ok
12:14:12.0453 7864 [ 9792B85E32E058CD6A43DB274BA47D57 ] InCDsrv J:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
12:14:12.0468 7864 InCDsrv - ok
12:14:12.0468 7864 ini910u - ok
12:14:12.0484 7864 IntelIde - ok
12:14:12.0515 7864 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm J:\WINDOWS\system32\DRIVERS\intelppm.sys
12:14:12.0515 7864 intelppm - ok
12:14:12.0593 7864 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw J:\WINDOWS\system32\drivers\ip6fw.sys
12:14:12.0593 7864 Ip6Fw - ok
12:14:12.0640 7864 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver J:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:14:12.0640 7864 IpFilterDriver - ok
12:14:12.0656 7864 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp J:\WINDOWS\system32\DRIVERS\ipinip.sys
12:14:12.0656 7864 IpInIp - ok
12:14:12.0687 7864 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat J:\WINDOWS\system32\DRIVERS\ipnat.sys
12:14:12.0687 7864 IpNat - ok
12:14:12.0687 7864 iPod Service - ok
12:14:12.0703 7864 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec J:\WINDOWS\system32\DRIVERS\ipsec.sys
12:14:12.0703 7864 IPSec - ok
12:14:12.0703 7864 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM J:\WINDOWS\system32\DRIVERS\irenum.sys
12:14:12.0703 7864 IRENUM - ok
12:14:12.0718 7864 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp J:\WINDOWS\system32\DRIVERS\isapnp.sys
12:14:12.0718 7864 isapnp - ok
12:14:12.0718 7864 izxslhtv - ok
12:14:12.0750 7864 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService J:\Program Files\Java\jre6\bin\jqs.exe
12:14:12.0750 7864 JavaQuickStarterService - ok
12:14:12.0750 7864 jcbeyubm - ok
12:14:12.0765 7864 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass J:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:14:12.0765 7864 Kbdclass - ok
12:14:12.0765 7864 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid J:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:14:12.0765 7864 kbdhid - ok
12:14:12.0812 7864 [ 692BCF44383D056AED41B045A323D378 ] kmixer J:\WINDOWS\system32\drivers\kmixer.sys
12:14:12.0812 7864 kmixer - ok
12:14:12.0859 7864 [ B467646C54CC746128904E1654C750C1 ] KSecDD J:\WINDOWS\system32\drivers\KSecDD.sys
12:14:12.0859 7864 KSecDD - ok
12:14:12.0859 7864 kzrvkxft - ok
12:14:12.0921 7864 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver J:\WINDOWS\System32\srvsvc.dll
12:14:12.0921 7864 lanmanserver - ok
12:14:12.0937 7864 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation J:\WINDOWS\System32\wkssvc.dll
12:14:12.0937 7864 lanmanworkstation - ok
12:14:12.0937 7864 lbrtfdc - ok
12:14:12.0968 7864 [ 53710476495886D9961BE46983A6A33F ] LightScribeService J:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:14:12.0968 7864 LightScribeService - ok
12:14:12.0968 7864 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts J:\WINDOWS\System32\lmhsvc.dll
12:14:12.0968 7864 LmHosts - ok
12:14:12.0984 7864 lmimirr - ok
12:14:12.0984 7864 lotmdjfq - ok
12:14:13.0015 7864 [ 6C1B3C47915A8BF6BD752C9D476B1CA5 ] mbamchameleon J:\WINDOWS\system32\drivers\mbamchameleon.sys
12:14:13.0015 7864 mbamchameleon - ok
12:14:13.0031 7864 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector J:\WINDOWS\system32\drivers\mbam.sys
12:14:13.0031 7864 MBAMProtector - ok
12:14:13.0078 7864 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler J:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:14:13.0078 7864 MBAMScheduler - ok
12:14:13.0109 7864 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService J:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:14:13.0109 7864 MBAMService - ok
12:14:13.0156 7864 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger J:\WINDOWS\System32\msgsvc.dll
12:14:13.0156 7864 Messenger - ok
12:14:13.0156 7864 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd J:\WINDOWS\system32\drivers\mnmdd.sys
12:14:13.0156 7864 mnmdd - ok
12:14:13.0187 7864 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc J:\WINDOWS\system32\mnmsrvc.exe
12:14:13.0187 7864 mnmsrvc - ok
12:14:13.0203 7864 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem J:\WINDOWS\system32\drivers\Modem.sys
12:14:13.0203 7864 Modem - ok
12:14:13.0203 7864 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass J:\WINDOWS\system32\DRIVERS\mouclass.sys
12:14:13.0203 7864 Mouclass - ok
12:14:13.0265 7864 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid J:\WINDOWS\system32\DRIVERS\mouhid.sys
12:14:13.0265 7864 mouhid - ok
12:14:13.0265 7864 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr J:\WINDOWS\system32\drivers\MountMgr.sys
12:14:13.0281 7864 MountMgr - ok
12:14:13.0312 7864 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance J:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:14:13.0312 7864 MozillaMaintenance - ok
12:14:13.0312 7864 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter J:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:14:13.0312 7864 MpFilter - ok
12:14:13.0375 7864 MpKsl21cbbbd9 - ok
12:14:13.0390 7864 mraid35x - ok
12:14:13.0437 7864 MREMP50 - ok
12:14:13.0437 7864 MREMPR5 - ok
12:14:13.0453 7864 MRENDIS5 - ok
12:14:13.0453 7864 MRESP50 - ok
12:14:13.0468 7864 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV J:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:14:13.0468 7864 MRxDAV - ok
12:14:13.0531 7864 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb J:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:14:13.0546 7864 MRxSmb - ok
12:14:13.0546 7864 msdsnteh - ok
12:14:13.0593 7864 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC J:\WINDOWS\system32\msdtc.exe
12:14:13.0593 7864 MSDTC - ok
12:14:13.0609 7864 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs J:\WINDOWS\system32\drivers\Msfs.sys
12:14:13.0609 7864 Msfs - ok
12:14:13.0609 7864 MSIServer - ok
12:14:13.0640 7864 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV J:\WINDOWS\system32\drivers\MSKSSRV.sys
12:14:13.0640 7864 MSKSSRV - ok
12:14:13.0671 7864 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc j:\Program Files\Microsoft Security Client\MsMpEng.exe
12:14:13.0671 7864 MsMpSvc - ok
12:14:13.0703 7864 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK J:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:14:13.0703 7864 MSPCLOCK - ok
12:14:13.0718 7864 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM J:\WINDOWS\system32\drivers\MSPQM.sys
12:14:13.0718 7864 MSPQM - ok
12:14:13.0734 7864 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios J:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:14:13.0734 7864 mssmbios - ok
12:14:13.0781 7864 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor J:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:14:13.0781 7864 MTsensor - ok
12:14:13.0828 7864 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup J:\WINDOWS\system32\drivers\Mup.sys
12:14:13.0843 7864 Mup - ok
12:14:13.0906 7864 [ 0102140028FAD045756796E1C685D695 ] napagent J:\WINDOWS\System32\qagentrt.dll
12:14:13.0906 7864 napagent - ok
12:14:13.0984 7864 [ B498A14133BD09AD0817590ACE4470AD ] NBService J:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:14:14.0000 7864 NBService - ok
12:14:14.0000 7864 [ 1DF7F42665C94B825322FAE71721130D ] NDIS J:\WINDOWS\system32\drivers\NDIS.sys
12:14:14.0000 7864 NDIS - ok
12:14:14.0046 7864 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi J:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:14:14.0046 7864 NdisTapi - ok
12:14:14.0078 7864 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio J:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:14:14.0078 7864 Ndisuio - ok
12:14:14.0078 7864 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan J:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:14:14.0078 7864 NdisWan - ok
12:14:14.0093 7864 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy J:\WINDOWS\system32\drivers\NDProxy.sys
12:14:14.0093 7864 NDProxy - ok
12:14:14.0109 7864 Net Driver HPZ12 - ok
12:14:14.0109 7864 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS J:\WINDOWS\system32\DRIVERS\netbios.sys
12:14:14.0109 7864 NetBIOS - ok
12:14:14.0140 7864 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT J:\WINDOWS\system32\DRIVERS\netbt.sys
12:14:14.0140 7864 NetBT - ok
12:14:14.0187 7864 [ B857BA82860D7FF85AE29B095645563B ] NetDDE J:\WINDOWS\system32\netdde.exe
12:14:14.0187 7864 NetDDE - ok
12:14:14.0187 7864 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm J:\WINDOWS\system32\netdde.exe
12:14:14.0187 7864 NetDDEdsdm - ok
12:14:14.0218 7864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon J:\WINDOWS\system32\lsass.exe
12:14:14.0218 7864 Netlogon - ok
12:14:14.0296 7864 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman J:\WINDOWS\System32\netman.dll
12:14:14.0296 7864 Netman - ok
12:14:14.0359 7864 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing j:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:14:14.0359 7864 NetTcpPortSharing - ok
12:14:14.0375 7864 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 J:\WINDOWS\system32\DRIVERS\nic1394.sys
12:14:14.0375 7864 NIC1394 - ok
12:14:14.0406 7864 [ 943337D786A56729263071623BBB9DE5 ] Nla J:\WINDOWS\System32\mswsock.dll
12:14:14.0421 7864 Nla - ok
12:14:14.0531 7864 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService J:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:14:14.0531 7864 NMIndexingService - ok
12:14:14.0546 7864 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs J:\WINDOWS\system32\drivers\Npfs.sys
12:14:14.0546 7864 Npfs - ok
12:14:14.0546 7864 npggsvc - ok
12:14:14.0562 7864 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs J:\WINDOWS\system32\drivers\Ntfs.sys
12:14:14.0578 7864 Ntfs - ok
12:14:14.0578 7864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp J:\WINDOWS\system32\lsass.exe
12:14:14.0578 7864 NtLmSsp - ok
12:14:14.0625 7864 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc J:\WINDOWS\system32\ntmssvc.dll
12:14:14.0625 7864 NtmsSvc - ok
12:14:14.0640 7864 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null J:\WINDOWS\system32\drivers\Null.sys
12:14:14.0656 7864 Null - ok
12:14:14.0875 7864 [ 18C9B152DA7BEA76B2F9E4B6412E0AAF ] nv J:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:14:15.0031 7864 nv - ok
12:14:15.0062 7864 [ CCD0C2A9A9C4C59441072564B011B546 ] NVENETFD J:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:14:15.0062 7864 NVENETFD - ok
12:14:15.0078 7864 [ FA740E97A0FE36E368C2299D9F3C01C1 ] nvgts J:\WINDOWS\system32\DRIVERS\nvgts.sys
12:14:15.0078 7864 nvgts - ok
12:14:15.0078 7864 [ A4931D96F111B5A8F3129507AE7BDF12 ] nvnetbus J:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:14:15.0078 7864 nvnetbus - ok
12:14:15.0125 7864 [ A8C1E6FF53FB0628A302843EA5FA5AB6 ] NVSvc J:\WINDOWS\system32\nvsvc32.exe
12:14:15.0125 7864 NVSvc - ok
12:14:15.0187 7864 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt J:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:14:15.0187 7864 NwlnkFlt - ok
12:14:15.0234 7864 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd J:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:14:15.0234 7864 NwlnkFwd - ok
12:14:15.0234 7864 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 J:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:14:15.0234 7864 ohci1394 - ok
12:14:15.0296 7864 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport J:\WINDOWS\system32\drivers\Parport.sys
12:14:15.0296 7864 Parport - ok
12:14:15.0296 7864 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr J:\WINDOWS\system32\drivers\PartMgr.sys
12:14:15.0296 7864 PartMgr - ok
12:14:15.0343 7864 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm J:\WINDOWS\system32\drivers\ParVdm.sys
12:14:15.0343 7864 ParVdm - ok
12:14:15.0359 7864 [ A219903CCF74233761D92BEF471A07B1 ] PCI J:\WINDOWS\system32\DRIVERS\pci.sys
12:14:15.0359 7864 PCI - ok
12:14:15.0359 7864 PCIDump - ok
12:14:15.0375 7864 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde J:\WINDOWS\system32\DRIVERS\pciide.sys
12:14:15.0375 7864 PCIIde - ok
12:14:15.0390 7864 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia J:\WINDOWS\system32\drivers\Pcmcia.sys
12:14:15.0390 7864 Pcmcia - ok
12:14:15.0390 7864 PDCOMP - ok
12:14:15.0406 7864 PDFRAME - ok
12:14:15.0406 7864 PDRELI - ok
12:14:15.0406 7864 PDRFRAME - ok
12:14:15.0421 7864 perc2 - ok
12:14:15.0421 7864 perc2hib - ok
12:14:15.0625 7864 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart J:\ComboFix\pev.3XE
12:14:15.0640 7864 PEVSystemStart - ok
12:14:15.0656 7864 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay J:\WINDOWS\system32\services.exe
12:14:15.0656 7864 PlugPlay - ok
12:14:15.0671 7864 Pml Driver HPZ12 - ok
12:14:15.0671 7864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent J:\WINDOWS\system32\lsass.exe
12:14:15.0671 7864 PolicyAgent - ok
12:14:15.0671 7864 ppftnput - ok
12:14:15.0687 7864 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport J:\WINDOWS\system32\DRIVERS\raspptp.sys
12:14:15.0687 7864 PptpMiniport - ok
12:14:15.0687 7864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage J:\WINDOWS\system32\lsass.exe
12:14:15.0687 7864 ProtectedStorage - ok
12:14:15.0703 7864 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched J:\WINDOWS\system32\DRIVERS\psched.sys
12:14:15.0703 7864 PSched - ok
12:14:15.0718 7864 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink J:\WINDOWS\system32\DRIVERS\ptilink.sys
12:14:15.0718 7864 Ptilink - ok
12:14:15.0734 7864 ptrummvq - ok
12:14:15.0734 7864 ql1080 - ok
12:14:15.0750 7864 Ql10wnt - ok
12:14:15.0750 7864 ql12160 - ok
12:14:15.0750 7864 ql1240 - ok
12:14:15.0765 7864 ql1280 - ok
12:14:15.0812 7864 [ 9054C4B91761773F0EFA59BED70C54B6 ] RapportCerberus_42020 J:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys
12:14:15.0828 7864 RapportCerberus_42020 - ok
12:14:15.0875 7864 [ 093B6A040BCF3FD4A0FFF397BAF28330 ] RapportEI J:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
12:14:15.0875 7864 RapportEI - ok
12:14:15.0890 7864 [ 660436FBE447EBC73873EF2B0B2094B4 ] RapportKELL J:\WINDOWS\system32\Drivers\RapportKELL.sys
12:14:15.0890 7864 RapportKELL - ok
12:14:15.0906 7864 [ 61B37C0B3FD7DA7414C20D917469BFFF ] RapportMgmtService J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
12:14:15.0921 7864 RapportMgmtService - ok
12:14:15.0937 7864 [ 3DE33A522BB73E161F20D444687E978B ] RapportPG J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
12:14:15.0937 7864 RapportPG - ok
12:14:15.0953 7864 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd J:\WINDOWS\system32\DRIVERS\rasacd.sys
12:14:15.0953 7864 RasAcd - ok
12:14:15.0984 7864 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto J:\WINDOWS\System32\rasauto.dll
12:14:15.0984 7864 RasAuto - ok
12:14:16.0000 7864 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp J:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:14:16.0000 7864 Rasl2tp - ok
12:14:16.0015 7864 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan J:\WINDOWS\System32\rasmans.dll
12:14:16.0031 7864 RasMan - ok
12:14:16.0031 7864 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe J:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:14:16.0031 7864 RasPppoe - ok
12:14:16.0031 7864 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti J:\WINDOWS\system32\DRIVERS\raspti.sys
12:14:16.0031 7864 Raspti - ok
12:14:16.0062 7864 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss J:\WINDOWS\system32\DRIVERS\rdbss.sys
12:14:16.0062 7864 Rdbss - ok
12:14:16.0062 7864 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD J:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:14:16.0062 7864 RDPCDD - ok
12:14:16.0125 7864 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD J:\WINDOWS\system32\drivers\RDPWD.sys
12:14:16.0125 7864 RDPWD - ok
12:14:16.0140 7864 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr J:\WINDOWS\system32\sessmgr.exe
12:14:16.0156 7864 RDSessMgr - ok
12:14:16.0171 7864 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook J:\WINDOWS\system32\DRIVERS\redbook.sys
12:14:16.0171 7864 redbook - ok
12:14:16.0203 7864 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess J:\WINDOWS\System32\mprdim.dll
12:14:16.0203 7864 RemoteAccess - ok
12:14:16.0250 7864 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator J:\WINDOWS\system32\locator.exe
12:14:16.0250 7864 RpcLocator - ok
12:14:16.0312 7864 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs J:\WINDOWS\system32\rpcss.dll
12:14:16.0328 7864 RpcSs - ok
12:14:16.0343 7864 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP J:\WINDOWS\system32\rsvp.exe
12:14:16.0343 7864 RSVP - ok
12:14:16.0343 7864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs J:\WINDOWS\system32\lsass.exe
12:14:16.0359 7864 SamSs - ok
12:14:16.0359 7864 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr J:\WINDOWS\System32\SCardSvr.exe
12:14:16.0359 7864 SCardSvr - ok
12:14:16.0421 7864 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule J:\WINDOWS\system32\schedsvc.dll
12:14:16.0421 7864 Schedule - ok
12:14:16.0437 7864 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv J:\WINDOWS\system32\DRIVERS\secdrv.sys
12:14:16.0453 7864 Secdrv - ok
12:14:16.0468 7864 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon J:\WINDOWS\System32\seclogon.dll
12:14:16.0468 7864 seclogon - ok
12:14:16.0468 7864 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS J:\WINDOWS\system32\sens.dll
12:14:16.0484 7864 SENS - ok
12:14:16.0500 7864 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum J:\WINDOWS\system32\DRIVERS\serenum.sys
12:14:16.0500 7864 serenum - ok
12:14:16.0500 7864 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial J:\WINDOWS\system32\DRIVERS\serial.sys
12:14:16.0500 7864 Serial - ok
12:14:16.0578 7864 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy J:\WINDOWS\system32\drivers\Sfloppy.sys
12:14:16.0578 7864 Sfloppy - ok
12:14:16.0593 7864 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess J:\WINDOWS\System32\ipnathlp.dll
12:14:16.0593 7864 SharedAccess - ok
12:14:16.0609 7864 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection J:\WINDOWS\System32\shsvcs.dll
12:14:16.0609 7864 ShellHWDetection - ok
12:14:16.0609 7864 Simbad - ok
12:14:16.0625 7864 Sparrow - ok
12:14:16.0640 7864 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter J:\WINDOWS\system32\drivers\splitter.sys
12:14:16.0640 7864 splitter - ok
12:14:16.0671 7864 [ 60784F891563FB1B767F70117FC2428F ] Spooler J:\WINDOWS\system32\spoolsv.exe
12:14:16.0671 7864 Spooler - ok
12:14:16.0671 7864 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr J:\WINDOWS\system32\DRIVERS\sr.sys
12:14:16.0671 7864 sr - ok
12:14:16.0687 7864 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice J:\WINDOWS\system32\srsvc.dll
12:14:16.0687 7864 srservice - ok
12:14:16.0703 7864 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv J:\WINDOWS\system32\DRIVERS\srv.sys
12:14:16.0718 7864 Srv - ok
12:14:16.0734 7864 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV J:\WINDOWS\System32\ssdpsrv.dll
12:14:16.0750 7864 SSDPSRV - ok
12:14:16.0781 7864 Steam Client Service - ok
12:14:16.0796 7864 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc J:\WINDOWS\system32\wiaservc.dll
12:14:16.0796 7864 stisvc - ok
12:14:16.0812 7864 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum J:\WINDOWS\system32\DRIVERS\swenum.sys
12:14:16.0812 7864 swenum - ok
12:14:16.0812 7864 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi J:\WINDOWS\system32\drivers\swmidi.sys
12:14:16.0812 7864 swmidi - ok
12:14:16.0812 7864 SwPrv - ok
12:14:16.0828 7864 sxlhqqqx - ok
12:14:16.0828 7864 symc810 - ok
12:14:16.0843 7864 symc8xx - ok
12:14:16.0843 7864 sym_hi - ok
12:14:16.0843 7864 sym_u3 - ok
12:14:16.0859 7864 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio J:\WINDOWS\system32\drivers\sysaudio.sys
12:14:16.0859 7864 sysaudio - ok
12:14:16.0875 7864 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog J:\WINDOWS\system32\smlogsvc.exe
12:14:16.0875 7864 SysmonLog - ok
12:14:16.0906 7864 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv J:\WINDOWS\System32\tapisrv.dll
12:14:16.0906 7864 TapiSrv - ok
12:14:16.0937 7864 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip J:\WINDOWS\system32\DRIVERS\tcpip.sys
12:14:16.0937 7864 Tcpip - ok
12:14:16.0953 7864 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE J:\WINDOWS\system32\drivers\TDPIPE.sys
12:14:16.0953 7864 TDPIPE - ok
12:14:16.0968 7864 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP J:\WINDOWS\system32\drivers\TDTCP.sys
12:14:16.0968 7864 TDTCP - ok
12:14:17.0000 7864 [ 88155247177638048422893737429D9E ] TermDD J:\WINDOWS\system32\DRIVERS\termdd.sys
12:14:17.0000 7864 TermDD - ok
12:14:17.0031 7864 [ FF3477C03BE7201C294C35F684B3479F ] TermService J:\WINDOWS\System32\termsrv.dll
12:14:17.0031 7864 TermService - ok
12:14:17.0031 7864 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes J:\WINDOWS\System32\shsvcs.dll
12:14:17.0031 7864 Themes - ok
12:14:17.0046 7864 TosIde - ok
12:14:17.0046 7864 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks J:\WINDOWS\system32\trkwks.dll
12:14:17.0062 7864 TrkWks - ok
12:14:17.0078 7864 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs J:\WINDOWS\system32\drivers\Udfs.sys
12:14:17.0078 7864 Udfs - ok
12:14:17.0078 7864 ufkzlmdm - ok
12:14:17.0093 7864 ultra - ok
12:14:17.0093 7864 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update J:\WINDOWS\system32\DRIVERS\update.sys
12:14:17.0109 7864 Update - ok
12:14:17.0109 7864 upeqxemv - ok
12:14:17.0125 7864 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost J:\WINDOWS\System32\upnphost.dll
12:14:17.0140 7864 upnphost - ok
12:14:17.0156 7864 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS J:\WINDOWS\System32\ups.exe
12:14:17.0156 7864 UPS - ok
12:14:17.0187 7864 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL J:\WINDOWS\system32\Drivers\usbaapl.sys
12:14:17.0187 7864 USBAAPL - ok
12:14:17.0218 7864 [ E919708DB44ED8543A7C017953148330 ] usbaudio J:\WINDOWS\system32\drivers\usbaudio.sys
12:14:17.0218 7864 usbaudio - ok
12:14:17.0265 7864 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp J:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:14:17.0281 7864 usbccgp - ok
12:14:17.0281 7864 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci J:\WINDOWS\system32\DRIVERS\usbehci.sys
12:14:17.0281 7864 usbehci - ok
12:14:17.0296 7864 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub J:\WINDOWS\system32\DRIVERS\usbhub.sys
12:14:17.0296 7864 usbhub - ok
12:14:17.0359 7864 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci J:\WINDOWS\system32\DRIVERS\usbohci.sys
12:14:17.0359 7864 usbohci - ok
12:14:17.0421 7864 [ A717C8721046828520C9EDF31288FC00 ] usbprint J:\WINDOWS\system32\DRIVERS\usbprint.sys
12:14:17.0421 7864 usbprint - ok
12:14:17.0468 7864 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan J:\WINDOWS\system32\DRIVERS\usbscan.sys
12:14:17.0468 7864 usbscan - ok
12:14:17.0546 7864 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor J:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:14:17.0546 7864 usbstor - ok
12:14:17.0609 7864 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave J:\WINDOWS\System32\drivers\vga.sys
12:14:17.0609 7864 VgaSave - ok
12:14:17.0609 7864 ViaIde - ok
12:14:17.0656 7864 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap J:\WINDOWS\system32\drivers\VolSnap.sys
12:14:17.0656 7864 VolSnap - ok
12:14:17.0687 7864 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS J:\WINDOWS\System32\vssvc.exe
12:14:17.0687 7864 VSS - ok
12:14:17.0703 7864 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time J:\WINDOWS\system32\w32time.dll
12:14:17.0703 7864 W32Time - ok
12:14:17.0718 7864 waauqzja - ok
12:14:17.0718 7864 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp J:\WINDOWS\system32\DRIVERS\wanarp.sys
12:14:17.0718 7864 Wanarp - ok
12:14:17.0843 7864 [ 6A1AEF46AC445EF4013E494BAC9D66C2 ] WDBackup J:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
12:14:17.0843 7864 WDBackup - ok
12:14:17.0859 7864 [ 46DA6F2C6B084069EC9C4A1C79BFE8C7 ] WDDriveService J:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
12:14:17.0875 7864 WDDriveService - ok
12:14:17.0875 7864 WDICA - ok
12:14:17.0921 7864 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud J:\WINDOWS\system32\drivers\wdmaud.sys
12:14:17.0921 7864 wdmaud - ok
12:14:18.0000 7864 [ B1C9682B3AC27567BDBA4DEDAFB6FA79 ] WDRulesService J:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
12:14:18.0000 7864 WDRulesService - ok
12:14:18.0015 7864 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient J:\WINDOWS\System32\webclnt.dll
12:14:18.0015 7864 WebClient - ok
12:14:18.0093 7864 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt J:\WINDOWS\system32\wbem\WMIsvc.dll
12:14:18.0109 7864 winmgmt - ok
12:14:18.0109 7864 wjthnnvd - ok
12:14:18.0171 7864 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc J:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:14:18.0187 7864 wlidsvc - ok
12:14:18.0265 7864 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN J:\WINDOWS\system32\MsPMSNSv.dll
12:14:18.0265 7864 WmdmPmSN - ok
12:14:18.0296 7864 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv J:\WINDOWS\system32\wbem\wmiapsrv.exe
12:14:18.0296 7864 WmiApSrv - ok
12:14:18.0359 7864 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc J:\Program Files\Windows Media Player\WMPNetwk.exe
12:14:18.0375 7864 WMPNetworkSvc - ok
12:14:18.0390 7864 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb J:\WINDOWS\system32\Drivers\wpdusb.sys
12:14:18.0390 7864 WpdUsb - ok
12:14:18.0437 7864 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 J:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:14:18.0453 7864 WPFFontCache_v0400 - ok
12:14:18.0484 7864 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL J:\WINDOWS\System32\drivers\ws2ifsl.sys
12:14:18.0484 7864 WS2IFSL - ok
12:14:18.0531 7864 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc J:\WINDOWS\system32\wscsvc.dll
12:14:18.0531 7864 wscsvc - ok
12:14:18.0578 7864 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv J:\WINDOWS\system32\wuauserv.dll
12:14:18.0578 7864 wuauserv - ok
12:14:18.0671 7864 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC J:\WINDOWS\System32\wzcsvc.dll
12:14:18.0734 7864 WZCSVC - ok
12:14:18.0765 7864 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov J:\WINDOWS\System32\xmlprov.dll
12:14:18.0781 7864 xmlprov - ok
12:14:18.0796 7864 xxitlisd - ok
12:14:18.0796 7864 zfmisqmv - ok
12:14:18.0812 7864 ================ Scan global ===============================
12:14:18.0906 7864 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] J:\WINDOWS\system32\basesrv.dll
12:14:18.0937 7864 [ 8C7DCA4B158BF16894120786A7A5F366 ] J:\WINDOWS\system32\winsrv.dll
12:14:18.0937 7864 [ 8C7DCA4B158BF16894120786A7A5F366 ] J:\WINDOWS\system32\winsrv.dll
12:14:18.0968 7864 [ 65DF52F5B8B6E9BBD183505225C37315 ] J:\WINDOWS\system32\services.exe
12:14:18.0968 7864 [Global] - ok
12:14:18.0968 7864 ================ Scan MBR ==================================
12:14:18.0984 7864 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:14:19.0093 7864 \Device\Harddisk0\DR0 - ok
12:14:19.0093 7864 ================ Scan VBR ==================================
12:14:19.0093 7864 [ 7CACAE212F140539364D91D6C07E6A73 ] \Device\Harddisk0\DR0\Partition1
12:14:19.0109 7864 \Device\Harddisk0\DR0\Partition1 - ok
12:14:19.0109 7864 ============================================================
12:14:19.0109 7864 Scan finished
12:14:19.0109 7864 ============================================================
12:14:19.0125 7120 Detected object count: 0
12:14:19.0125 7120 Actual detected object count: 0
12:14:40.0203 8576 Deinitialize success


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-15 12:17:05
-----------------------------
12:17:05.140 OS Version: Windows 5.1.2600 Service Pack 3
12:17:05.140 Number of processors: 4 586 0xF0B
12:17:05.140 ComputerName: DADS UserName: dad
12:17:07.781 Initialize success
12:21:23.203 AVAST engine defs: 12091400
12:29:43.734 Service scanning
12:29:56.343 Modules scanning
12:30:00.531 Disk 0 trace - called modules:
12:30:00.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
12:30:00.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af61ab8]
12:30:00.578 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8affef18]
12:30:00.578 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port4Path0Target0Lun0[0x8afbba38]
12:30:03.515 AVAST engine scan J:\WINDOWS
12:30:19.531 AVAST engine scan J:\WINDOWS\system32
12:34:04.406 AVAST engine scan J:\WINDOWS\system32\drivers
12:35:32.250 AVAST engine scan J:\Documents and Settings\dad
13:24:19.750 AVAST engine scan J:\Documents and Settings\All Users
13:33:34.015 Scan finished successfully
13:36:24.843 The log file has been saved successfully to "J:\Documents and Settings\dad\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 September 2012 - 03:52 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 MistyC (Topic Starter)

Posted 16 September 2012 - 06:20 AM

Thank you so much for your help. Here is the log!

ComboFix 12-09-15.02 - dad 09/16/2012 7:07.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1977 [GMT -4:00]
Running from: j:\documents and settings\dad\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
j:\documents and settings\All Users\Application Data\TEMP
j:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\{6a88e94e-e881-452e-a27e-42285faf6d1d}
j:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\{6a88e94e-e881-452e-a27e-42285faf6d1d}\chrome.manifest
j:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\{6a88e94e-e881-452e-a27e-42285faf6d1d}\chrome\xulcache.jar
j:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\{6a88e94e-e881-452e-a27e-42285faf6d1d}\install.rdf
j:\documents and settings\dad\WINDOWS
j:\windows\system32\dllcache\dlimport.exe
j:\windows\system32\drivers\etc\hosts.ics
j:\windows\system32\drivers\tcpip.copy
j:\windows\system32\PowerToyReadme.htm
j:\windows\system32\SET1F1.tmp
j:\windows\system32\SET1F6.tmp
j:\windows\system32\SET1FD.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 10:14 . 2012-08-23 07:15 7022536 ----a-w- j:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBB0D97F-3715-42A2-8DE6-2EFC44514A67}\mpengine.dll
2012-09-15 10:14 . 2012-08-23 07:15 7022536 ----a-w- j:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-11 19:39 . 2012-09-11 19:39 -------- d--h--w- j:\windows\PIF
2012-09-09 14:05 . 2012-09-09 14:05 -------- d-----w- j:\documents and settings\NetworkService\Application Data\Xfire
2012-09-09 14:05 . 2012-09-09 14:05 -------- d-----w- j:\documents and settings\dad\Local Settings\Application Data\Funcom
2012-09-09 14:04 . 2010-06-02 08:55 74072 ----a-w- j:\windows\system32\XAPOFX1_5.dll
2012-09-09 14:04 . 2010-06-02 08:55 527192 ----a-w- j:\windows\system32\XAudio2_7.dll
2012-09-09 14:04 . 2010-06-02 08:55 239960 ----a-w- j:\windows\system32\xactengine3_7.dll
2012-09-09 14:04 . 2010-05-26 15:41 470880 ----a-w- j:\windows\system32\d3dx10_43.dll
2012-09-09 14:04 . 2010-05-26 15:41 248672 ----a-w- j:\windows\system32\d3dx11_43.dll
2012-09-09 14:04 . 2010-05-26 15:41 1868128 ----a-w- j:\windows\system32\d3dcsx_43.dll
2012-09-09 14:04 . 2010-02-04 14:01 74072 ----a-w- j:\windows\system32\XAPOFX1_4.dll
2012-09-09 14:04 . 2010-02-04 14:01 528216 ----a-w- j:\windows\system32\XAudio2_6.dll
2012-09-09 14:04 . 2010-02-04 14:01 238936 ----a-w- j:\windows\system32\xactengine3_6.dll
2012-09-09 14:04 . 2010-02-04 14:01 22360 ----a-w- j:\windows\system32\X3DAudio1_7.dll
2012-09-09 14:03 . 2012-09-09 14:04 -------- d--h--w- j:\windows\msdownld.tmp
2012-09-09 14:03 . 2012-09-09 14:03 -------- d-----w- j:\documents and settings\All Users\Application Data\media center programs
2012-09-09 14:03 . 2012-09-09 14:03 -------- d-----w- j:\program files\Funcom
2012-09-06 04:47 . 2012-09-06 04:47 -------- d-----w- j:\documents and settings\All Users\Application Data\rionix
2012-09-04 08:31 . 2012-09-04 08:32 -------- d-----w- j:\program files\Rescue Team 2
2012-09-04 08:30 . 2012-09-04 08:31 -------- d-----w- j:\program files\Cooking Academy 3 - Recipe for Success
2012-09-04 08:25 . 2012-09-04 09:03 -------- d-----w- j:\program files\Pet Pals - New Leash on Life
2012-09-02 01:46 . 2012-09-02 01:46 -------- d-sh--w- j:\documents and settings\dad\IECompatCache
2012-08-30 22:58 . 2012-09-07 03:25 73696 ----a-w- j:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-30 22:58 . 2012-09-07 03:25 266720 ----a-w- j:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-30 22:58 . 2012-09-07 03:25 18912 ----a-w- j:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-08-30 22:58 . 2012-09-07 03:25 118240 ----a-w- j:\program files\Mozilla Firefox\crashreporter.exe
2012-08-30 22:58 . 2012-08-30 22:58 2106216 ----a-w- j:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-08-30 22:58 . 2012-09-07 03:25 917984 ----a-w- j:\program files\Mozilla Firefox\firefox.exe
2012-08-30 22:58 . 2012-09-07 03:25 82400 ----a-w- j:\program files\Mozilla Firefox\libEGL.dll
2012-08-30 22:58 . 2012-09-07 03:25 258528 ----a-w- j:\program files\Mozilla Firefox\freebl3.dll
2012-08-30 22:58 . 2012-09-07 03:25 2288608 ----a-w- j:\program files\Mozilla Firefox\gkmedias.dll
2012-08-30 22:58 . 2012-08-30 22:58 1998168 ----a-w- j:\program files\Mozilla Firefox\d3dx9_43.dll
2012-08-30 22:58 . 2012-09-07 03:25 425952 ----a-w- j:\program files\Mozilla Firefox\libGLESv2.dll
2012-08-30 22:58 . 2012-09-07 03:25 114144 ----a-w- j:\program files\Mozilla Firefox\maintenanceservice.exe
2012-08-30 20:20 . 2012-08-30 20:20 35144 ----a-w- j:\windows\system32\drivers\mbamchameleon.sys
2012-08-30 20:19 . 2012-08-30 20:19 -------- d-----w- j:\program files\Yontoo
2012-08-30 20:17 . 2012-08-30 20:19 -------- d-----w- j:\documents and settings\All Users\Application Data\Tarma Installer
2012-08-26 18:23 . 2012-08-26 18:23 -------- d-----w- j:\documents and settings\All Users\Application Data\Playrix Entertainment
2012-08-26 11:52 . 2012-08-26 11:52 -------- d-----w- j:\program files\Playrix Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 00:22 . 2012-07-27 23:28 43520 ----a-w- j:\windows\system32\CmdLineExt03.dll
2012-09-07 21:04 . 2011-03-11 06:26 22856 ----a-w- j:\windows\system32\drivers\mbam.sys
2012-08-25 22:07 . 2012-04-13 11:22 696520 ----a-w- j:\windows\system32\FlashPlayerApp.exe
2012-08-25 22:07 . 2011-06-06 21:38 73416 -c--a-w- j:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 18:33 . 2011-04-10 03:18 230840 ----a-r- j:\windows\system32\cpnprt2.cid
2012-07-30 00:52 . 2012-07-30 00:52 65848 ----a-w- j:\windows\system32\drivers\RapportKELL.sys
2012-07-20 17:34 . 2012-07-20 17:34 1198557 ----a-w- j:\windows\system32\Object Browser For Trainz ScreenSaver.scr
2012-07-06 13:58 . 2006-02-28 12:00 78336 ----a-w- j:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-03-09 16:28 139784 ----a-w- j:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2006-02-28 12:00 1866112 ----a-w- j:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-02-28 12:00 916992 ----a-w- j:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-02-28 12:00 43520 ------w- j:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-02-28 12:00 1469440 ------w- j:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-02-28 12:00 385024 ------w- j:\windows\system32\html.iec
2012-09-07 03:25 . 2012-08-30 22:58 266720 ----a-w- j:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- j:\documents and settings\dad\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- j:\documents and settings\dad\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- j:\documents and settings\dad\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- j:\documents and settings\dad\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="j:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="j:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"SoundMAXPnP"="j:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"nwiz"="j:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="j:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"HP Software Update"="j:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe ARM"="j:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="j:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"KMAP"="j:\documents and settings\All Users\Documents\hzlp\snap.exe" [2011-03-28 16384]
"QuickTime Task"="j:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"MSC"="j:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"WD Quick View"="j:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-04-30 5235608]
"TkBellExe"="j:\program files\real\realplayer\update\realsched.exe" [2012-05-29 296056]
.
j:\documents and settings\Administrator.DADS\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - j:\documents and settings\Administrator.DADS\Application Data\lpuninstall.exe [2011-9-28 9925160]
.
j:\documents and settings\dad\Start Menu\Programs\Startup\
Dropbox.lnk - j:\documents and settings\dad\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
j:\documents and settings\All Users\Start Menu\Programs\Startup\
STPStartUp.lnk - j:\documents and settings\All Users\Documents\hzlp\snap.exe [2011-4-13 16384]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\J:^Documents and Settings^dad^Start Menu^Programs^Startup^Dropbox.lnk]
path=j:\documents and settings\dad\Start Menu\Programs\Startup\Dropbox.lnk
backup=j:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- j:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 12:47 1057064 ----a-w- j:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center]
2011-09-20 17:47 1001 ----a-w- j:\program files\Intel\IntelAppStore\bin\ismagent.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center_Nagware]
2011-09-20 17:47 1878 ----a-w- j:\program files\Intel\IntelAppStore\bin\AppUp.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 00:05 421736 ----a-w- j:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 -c--a-w- j:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-06-17 09:10 107000 ----a-w- j:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- j:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-10 00:32 1353080 ----a-w- j:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"j:\\Documents and Settings\\dad\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"j:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"j:\\Program Files\\Steam\\Steam.exe"=
"j:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"j:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"j:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"j:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"j:\\Program Files\\iTunes\\iTunes.exe"=
"j:\\Program Files\\Steam\\steamapps\\common\\railworks\\RailWorks.exe"=
"j:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57991:TCP"= 57991:TCP:Pando Media Booster
"57991:UDP"= 57991:UDP:Pando Media Booster
.
R0 RapportKELL;RapportKELL;j:\windows\system32\drivers\RapportKELL.sys [7/29/2012 8:52 PM 65848]
R1 RapportCerberus_42020;RapportCerberus_42020;j:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [8/9/2012 6:49 PM 228376]
R1 RapportEI;RapportEI;j:\program files\Trusteer\Rapport\bin\RapportEI.sys [7/29/2012 8:52 PM 71480]
R1 RapportPG;RapportPG;j:\program files\Trusteer\Rapport\bin\RapportPG.sys [7/29/2012 8:52 PM 166840]
R2 MBAMScheduler;MBAMScheduler;j:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 1:36 PM 399432]
R2 MBAMService;MBAMService;j:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/11/2011 2:26 AM 676936]
R2 RapportMgmtService;Rapport Management Service;j:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [7/29/2012 8:52 PM 976728]
R2 WDBackup;WD Backup;j:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [4/24/2012 9:31 AM 1150368]
R2 WDDriveService;WD Drive Manager;j:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [4/11/2012 12:01 PM 247704]
R2 WDRulesService;WD Rules;j:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [4/11/2012 12:09 PM 1177496]
R3 MBAMProtector;MBAMProtector;j:\windows\system32\drivers\mbam.sys [3/11/2011 2:26 AM 22856]
S0 crhqlj;crhqlj;j:\windows\system32\drivers\henrdkh.sys --> j:\windows\system32\drivers\henrdkh.sys [?]
S0 DwProt;DrWeb Protection;j:\windows\system32\drivers\dwprot.sys [4/15/2011 7:23 AM 135032]
S0 ffnqanqj;ffnqanqj;j:\windows\system32\drivers\nhbgstd.sys --> j:\windows\system32\drivers\nhbgstd.sys [?]
S1 eehpmrla;eehpmrla;\??\j:\windows\system32\drivers\eehpmrla.sys --> j:\windows\system32\drivers\eehpmrla.sys [?]
S1 egqfdaly;egqfdaly;\??\j:\windows\system32\drivers\egqfdaly.sys --> j:\windows\system32\drivers\egqfdaly.sys [?]
S1 fqvtdmsa;fqvtdmsa;\??\j:\windows\system32\drivers\fqvtdmsa.sys --> j:\windows\system32\drivers\fqvtdmsa.sys [?]
S1 gckumtdb;gckumtdb;\??\j:\windows\system32\drivers\gckumtdb.sys --> j:\windows\system32\drivers\gckumtdb.sys [?]
S1 izxslhtv;izxslhtv;\??\j:\windows\system32\drivers\izxslhtv.sys --> j:\windows\system32\drivers\izxslhtv.sys [?]
S1 jcbeyubm;jcbeyubm;\??\j:\windows\system32\drivers\jcbeyubm.sys --> j:\windows\system32\drivers\jcbeyubm.sys [?]
S1 kzrvkxft;kzrvkxft;\??\j:\windows\system32\drivers\kzrvkxft.sys --> j:\windows\system32\drivers\kzrvkxft.sys [?]
S1 lotmdjfq;lotmdjfq;\??\j:\windows\system32\drivers\lotmdjfq.sys --> j:\windows\system32\drivers\lotmdjfq.sys [?]
S1 MpKsl21cbbbd9;MpKsl21cbbbd9;\??\j:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05AFCE4C-435A-4423-BBA0-5F7F4D164F0A}\MpKsl21cbbbd9.sys --> j:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05AFCE4C-435A-4423-BBA0-5F7F4D164F0A}\MpKsl21cbbbd9.sys [?]
S1 msdsnteh;msdsnteh;\??\j:\windows\system32\drivers\msdsnteh.sys --> j:\windows\system32\drivers\msdsnteh.sys [?]
S1 ppftnput;ppftnput;\??\j:\windows\system32\drivers\ppftnput.sys --> j:\windows\system32\drivers\ppftnput.sys [?]
S1 ptrummvq;ptrummvq;\??\j:\windows\system32\drivers\ptrummvq.sys --> j:\windows\system32\drivers\ptrummvq.sys [?]
S1 sxlhqqqx;sxlhqqqx;\??\j:\windows\system32\drivers\sxlhqqqx.sys --> j:\windows\system32\drivers\sxlhqqqx.sys [?]
S1 ufkzlmdm;ufkzlmdm;\??\j:\windows\system32\drivers\ufkzlmdm.sys --> j:\windows\system32\drivers\ufkzlmdm.sys [?]
S1 upeqxemv;upeqxemv;\??\j:\windows\system32\drivers\upeqxemv.sys --> j:\windows\system32\drivers\upeqxemv.sys [?]
S1 waauqzja;waauqzja;\??\j:\windows\system32\drivers\waauqzja.sys --> j:\windows\system32\drivers\waauqzja.sys [?]
S1 wjthnnvd;wjthnnvd;\??\j:\windows\system32\drivers\wjthnnvd.sys --> j:\windows\system32\drivers\wjthnnvd.sys [?]
S1 xxitlisd;xxitlisd;\??\j:\windows\system32\drivers\xxitlisd.sys --> j:\windows\system32\drivers\xxitlisd.sys [?]
S1 zfmisqmv;zfmisqmv;\??\j:\windows\system32\drivers\zfmisqmv.sys --> j:\windows\system32\drivers\zfmisqmv.sys [?]
S2 gupdate;Google Update Service (gupdate);j:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 3:19 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;j:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/13/2012 7:22 AM 250568]
S3 gupdatem;Google Update Service (gupdatem);j:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 3:19 AM 136176]
S3 mbamchameleon;mbamchameleon;j:\windows\system32\drivers\mbamchameleon.sys [8/30/2012 4:20 PM 35144]
S3 MozillaMaintenance;Mozilla Maintenance Service;j:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 6:54 AM 114144]
S3 npggsvc;nProtect GameGuard Service;j:\windows\system32\GameMon.des -service --> j:\windows\system32\GameMon.des -service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38073441
*NewlyCreated* - ASWMBR
*Deregistered* - 38073441
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 -c--a-w- j:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 j:\windows\Tasks\Adobe Flash Player Updater.job
- j:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 22:07]
.
2012-09-15 j:\windows\Tasks\AppleSoftwareUpdate.job
- j:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-15 j:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- j:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 07:19]
.
2012-09-16 j:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- j:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 07:19]
.
2012-09-14 j:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-562591055-725345543-1004.job
- j:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2012-09-11 j:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-562591055-725345543-1004.job
- j:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.diamondcandles.com/collections/all
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - j:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 8ec04e75-3f5f-4c1f-86fe-c1b301334415
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage/Lite,PageRage/Global,PageRageTeases,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
Toolbar-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
MSConfigStartUp-swg - j:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 07:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="j:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-562591055-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-09-16 07:18:01
ComboFix-quarantined-files.txt 2012-09-16 11:17
.
Pre-Run: 922,054,512,640 bytes free
Post-Run: 922,399,723,520 bytes free
.
- - End Of File - - 4B6DD83243182AD0C88C103D440BD7AD

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 September 2012 - 08:03 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 MistyC

MistyC
  • Topic Starter

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA

Posted 16 September 2012 - 05:35 PM

OTL logfile created on: 9/16/2012 5:10:15 PM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = J:\Documents and Settings\dad\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.05% Memory free
4.84 Gb Paging File | 4.01 Gb Available in Paging File | 82.78% Paging File free
Paging file location(s): J:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Program Files
Drive J: | 1863.01 Gb Total Space | 859.43 Gb Free Space | 46.13% Space Free | Partition Type: NTFS

Computer Name: DADS | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - J:\Documents and Settings\dad\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - J:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - J:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - J:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - J:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - J:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - J:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - j:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - J:\Documents and Settings\All Users\Documents\hzlp\halth.exe (PB Software, LLC.)
PRC - J:\Documents and Settings\All Users\Documents\hzlp\it.exe (PB Software,LLC)
PRC - J:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - J:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - J:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - J:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - J:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll ()
MOD - J:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - J:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - J:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV - (Pml Driver HPZ12) -- J:\WINDOWS\system32\HPZipm12.dll File not found
SRV - (Net Driver HPZ12) -- J:\WINDOWS\system32\HPZinw12.dll File not found
SRV - (iPod Service) -- J:\Program Files\iPod\bin\iPodService.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMService) -- J:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- J:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- J:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- J:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- J:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (WDBackup) -- J:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDRulesService) -- J:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDDriveService) -- J:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (MsMpSvc) -- j:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- J:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- J:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (InCDsrv) -- J:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (zfmisqmv) -- J:\WINDOWS\system32\drivers\zfmisqmv.sys File not found
DRV - (xxitlisd) -- J:\WINDOWS\system32\drivers\xxitlisd.sys File not found
DRV - (wjthnnvd) -- J:\WINDOWS\system32\drivers\wjthnnvd.sys File not found
DRV - (WDICA) -- File not found
DRV - (waauqzja) -- J:\WINDOWS\system32\drivers\waauqzja.sys File not found
DRV - (upeqxemv) -- J:\WINDOWS\system32\drivers\upeqxemv.sys File not found
DRV - (ufkzlmdm) -- J:\WINDOWS\system32\drivers\ufkzlmdm.sys File not found
DRV - (sxlhqqqx) -- J:\WINDOWS\system32\drivers\sxlhqqqx.sys File not found
DRV - (ptrummvq) -- J:\WINDOWS\system32\drivers\ptrummvq.sys File not found
DRV - (ppftnput) -- J:\WINDOWS\system32\drivers\ppftnput.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (msdsnteh) -- J:\WINDOWS\system32\drivers\msdsnteh.sys File not found
DRV - (MRESP50) -- J:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- J:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- J:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50) -- J:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (MpKsl21cbbbd9) -- j:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05AFCE4C-435A-4423-BBA0-5F7F4D164F0A}\MpKsl21cbbbd9.sys File not found
DRV - (lotmdjfq) -- J:\WINDOWS\system32\drivers\lotmdjfq.sys File not found
DRV - (lmimirr) -- system32\DRIVERS\lmimirr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (kzrvkxft) -- J:\WINDOWS\system32\drivers\kzrvkxft.sys File not found
DRV - (jcbeyubm) -- J:\WINDOWS\system32\drivers\jcbeyubm.sys File not found
DRV - (izxslhtv) -- J:\WINDOWS\system32\drivers\izxslhtv.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (gckumtdb) -- J:\WINDOWS\system32\drivers\gckumtdb.sys File not found
DRV - (fqvtdmsa) -- J:\WINDOWS\system32\drivers\fqvtdmsa.sys File not found
DRV - (ffnqanqj) -- System32\drivers\nhbgstd.sys File not found
DRV - (egqfdaly) -- J:\WINDOWS\system32\drivers\egqfdaly.sys File not found
DRV - (eehpmrla) -- J:\WINDOWS\system32\drivers\eehpmrla.sys File not found
DRV - (crhqlj) -- System32\drivers\henrdkh.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- J:\DOCUME~1\dad\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- J:\DOCUME~1\dad\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (MBAMProtector) -- J:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- J:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (RapportCerberus_42020) -- J:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys ()
DRV - (RapportPG) -- J:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- J:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- J:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (BANTExt) -- J:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (DwProt) -- J:\WINDOWS\system32\drivers\dwprot.sys ()
DRV - (nvgts) -- J:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- J:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- J:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (incdrm) -- J:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- J:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDrec) -- J:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)
DRV - (InCDfs) -- J:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (ADIDTSFiltService) -- J:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (Amusbprt) -- J:\WINDOWS\system32\drivers\Amusbprt.sys ((Standard Mouse Types))
DRV - (Amfilter) -- J:\WINDOWS\system32\drivers\Amfilter.sys ((Standard Mouse Types))
DRV - (MTsensor) -- J:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.diamondcandles.com/collections/all
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes,DefaultScope = {07932205-DED2-428B-9FC5-23E8FECFB285}
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes\{07932205-DED2-428B-9FC5-23E8FECFB285}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGHP_en
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=vmn&type=scenic2_0yach&q={searchTerms}&ei=UTF-8
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={B162A82F-FB96-4053-9B4F-D2ACCC7CDA88}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z125&form=ZGAIDF&install_date=20111013&iesrc={referrer:source}
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: multilinks@plugin:3.0.0.19
FF - prefs.js..extensions.enabledAddons: {BD836E8F-9236-11E1-826D-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: wvrotdxgdr@wvrotdxgdr.org:2.5
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: J:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: J:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: J:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: j:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: j:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: J:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: j:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: j:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: J:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: J:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: j:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: J:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: J:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: J:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: J:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: J:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/06/17 05:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: J:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/29 18:39:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: J:\Program Files\Mozilla Firefox\components [2012/09/06 23:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: J:\Program Files\Mozilla Firefox\plugins [2012/08/19 15:51:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BD836E8F-9236-11E1-826D-B8AC6F996F26}: J:\Documents and Settings\dad\Local Settings\Application Data\{BD836E8F-9236-11E1-826D-B8AC6F996F26}\ [2012/04/29 16:06:10 | 000,000,000 | ---D | M]

[2011/03/22 03:44:55 | 000,000,000 | ---D | M] (No name found) -- J:\Documents and Settings\dad\Application Data\Mozilla\Extensions
[2012/09/16 07:15:10 | 000,000,000 | ---D | M] (No name found) -- J:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions
[2011/08/10 05:36:27 | 000,000,000 | ---D | M] (Logitech Device Detection) -- J:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\DeviceDetection@logitech.com
[2011/12/27 14:23:55 | 000,038,090 | ---- | M] () (No name found) -- J:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\multilinks@plugin.xpi
[2006/02/28 08:00:00 | 000,004,804 | ---- | M] () (No name found) -- J:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\wvrotdxgdr@wvrotdxgdr.org.xpi
[2011/06/26 17:43:55 | 000,077,793 | ---- | M] () (No name found) -- J:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi
[2011/11/09 16:38:53 | 000,000,000 | ---D | M] (No name found) -- J:\Program Files\Mozilla Firefox\extensions
[2012/04/29 16:06:10 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- J:\DOCUMENTS AND SETTINGS\DAD\LOCAL SETTINGS\APPLICATION DATA\{BD836E8F-9236-11E1-826D-B8AC6F996F26}
[2012/09/06 23:25:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- J:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- J:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- J:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- J:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/29 18:39:31 | 000,129,144 | ---- | M] (RealPlayer) -- J:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/12 11:50:16 | 000,003,661 | ---- | M] () -- J:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/30 18:58:07 | 000,002,465 | ---- | M] () -- J:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/30 01:10:55 | 000,002,252 | ---- | M] () -- J:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/03/10 12:58:36 | 000,002,201 | ---- | M] () -- J:\Program Files\mozilla firefox\searchplugins\scenicreflectionstb.xml
[2012/08/30 18:58:07 | 000,002,253 | ---- | M] () -- J:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = J:\Program Files\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = J:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = J:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = J:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = J:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = j:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = J:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = J:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = J:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = J:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = J:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = J:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = J:\Program Files\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = J:\Program Files\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = J:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = J:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft® DRM (Enabled) = J:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = J:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: AppUp (Enabled) = J:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = J:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: iTunes Application Detector (Enabled) = J:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = j:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = J:\Documents and Settings\dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/09/16 07:15:37 | 000,000,027 | ---- | M]) - J:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - J:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - J:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - J:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - J:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] J:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KMAP] J:\Documents and Settings\All Users\Documents\hzlp\snap.exe (NONE)
O4 - HKLM..\Run: [MSC] j:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] J:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] J:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] J:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] J:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Quick View] J:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-602162358-562591055-725345543-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] J:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-602162358-562591055-725345543-1005..\RunOnce: [NeroHomeFirstStart] J:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: J:\Documents and Settings\Administrator.DADS\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk = J:\Documents and Settings\Administrator.DADS\Application Data\lpuninstall.exe (LastPass)
O4 - Startup: J:\Documents and Settings\All Users\Start Menu\Programs\Startup\STPStartUp.lnk = J:\Documents and Settings\All Users\Documents\hzlp\snap.exe (NONE)
O4 - Startup: J:\Documents and Settings\dad\Start Menu\Programs\Startup\Dropbox.lnk = J:\Documents and Settings\dad\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-562591055-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-562591055-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-562591055-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-562591055-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-602162358-562591055-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-562591055-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - J:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - J:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - J:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - J:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - J:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - J:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - J:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-602162358-562591055-725345543-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-602162358-562591055-725345543-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-602162358-562591055-725345543-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-602162358-562591055-725345543-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-602162358-562591055-725345543-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-602162358-562591055-725345543-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-602162358-562591055-725345543-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-602162358-562591055-725345543-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://lp.soe.com/static/plugin/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF734FEE-6BFC-40FE-98BE-BE20E6D850CF}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - J:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - J:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (J:\WINDOWS\system32\userinit.exe) - J:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: J:\Documents and Settings\dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: J:\Documents and Settings\dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 07:05:26 | 000,000,000 | ---D | C] -- J:\ComboFix
[2012/09/15 12:15:35 | 004,731,392 | ---- | C] (AVAST Software) -- J:\Documents and Settings\dad\Desktop\aswMBR.exe
[2012/09/15 12:12:40 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- J:\Documents and Settings\dad\Desktop\tdsskiller.exe
[2012/09/13 14:33:39 | 000,000,000 | RHSD | C] -- J:\cmdcons
[2012/09/13 13:00:43 | 000,518,144 | ---- | C] (SteelWerX) -- J:\WINDOWS\SWREG.exe
[2012/09/13 13:00:43 | 000,406,528 | ---- | C] (SteelWerX) -- J:\WINDOWS\SWSC.exe
[2012/09/13 13:00:43 | 000,212,480 | ---- | C] (SteelWerX) -- J:\WINDOWS\SWXCACLS.exe
[2012/09/13 13:00:43 | 000,060,416 | ---- | C] (NirSoft) -- J:\WINDOWS\NIRCMD.exe
[2012/09/13 12:54:39 | 000,000,000 | ---D | C] -- J:\Qoobox
[2012/09/13 12:54:23 | 000,000,000 | ---D | C] -- J:\WINDOWS\erdnt
[2012/09/13 12:52:41 | 004,754,503 | R--- | C] (Swearware) -- J:\Documents and Settings\dad\Desktop\ComboFix.exe
[2012/09/11 15:39:44 | 000,000,000 | -H-D | C] -- J:\WINDOWS\PIF
[2012/09/11 05:59:02 | 000,607,260 | R--- | C] (Swearware) -- J:\Documents and Settings\dad\Desktop\dds.com
[2012/09/09 10:05:15 | 000,000,000 | ---D | C] -- J:\Documents and Settings\NetworkService\Application Data\Xfire
[2012/09/09 10:05:11 | 000,000,000 | ---D | C] -- J:\Documents and Settings\dad\Local Settings\Application Data\Funcom
[2012/09/09 10:04:27 | 000,527,192 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_7.dll
[2012/09/09 10:04:27 | 000,239,960 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_7.dll
[2012/09/09 10:04:27 | 000,074,072 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAPOFX1_5.dll
[2012/09/09 10:04:26 | 001,868,128 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dcsx_43.dll
[2012/09/09 10:04:26 | 000,470,880 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx10_43.dll
[2012/09/09 10:04:26 | 000,248,672 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\d3dx11_43.dll
[2012/09/09 10:04:25 | 000,528,216 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAudio2_6.dll
[2012/09/09 10:04:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\xactengine3_6.dll
[2012/09/09 10:04:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\XAPOFX1_4.dll
[2012/09/09 10:04:24 | 000,022,360 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\X3DAudio1_7.dll
[2012/09/09 10:03:47 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\media center programs
[2012/09/09 10:03:47 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Funcom
[2012/09/09 10:03:32 | 000,000,000 | ---D | C] -- J:\Program Files\Funcom
[2012/09/06 00:47:21 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\rionix
[2012/09/04 04:31:34 | 000,000,000 | ---D | C] -- J:\Program Files\Rescue Team 2
[2012/09/04 04:31:34 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Rescue Team 2
[2012/09/04 04:30:31 | 000,000,000 | ---D | C] -- J:\Program Files\Cooking Academy 3 - Recipe for Success
[2012/09/04 04:30:31 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Cooking Academy 3 - Recipe for Success
[2012/09/04 04:25:33 | 000,000,000 | ---D | C] -- J:\Program Files\Pet Pals - New Leash on Life
[2012/09/04 04:25:33 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Pet Pals - New Leash on Life
[2012/09/01 21:46:41 | 000,000,000 | -HSD | C] -- J:\Documents and Settings\dad\IECompatCache
[2012/08/30 16:19:15 | 000,000,000 | ---D | C] -- J:\Program Files\Yontoo
[2012/08/30 16:17:44 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/08/26 14:23:51 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2012/08/26 07:52:18 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Playrix Entertainment
[2012/08/26 07:52:05 | 000,000,000 | ---D | C] -- J:\Program Files\Playrix Entertainment
[8 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[1 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/16 16:54:00 | 000,000,830 | ---- | M] () -- J:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/16 16:39:00 | 000,000,880 | ---- | M] () -- J:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/16 07:15:37 | 000,000,027 | ---- | M] () -- J:\WINDOWS\System32\drivers\etc\hosts
[2012/09/16 07:04:39 | 004,754,503 | R--- | M] (Swearware) -- J:\Documents and Settings\dad\Desktop\ComboFix.exe
[2012/09/15 19:39:00 | 000,000,876 | ---- | M] () -- J:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/15 16:59:01 | 000,000,284 | ---- | M] () -- J:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/15 12:15:55 | 004,731,392 | ---- | M] (AVAST Software) -- J:\Documents and Settings\dad\Desktop\aswMBR.exe
[2012/09/15 12:12:45 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- J:\Documents and Settings\dad\Desktop\tdsskiller.exe
[2012/09/14 06:04:44 | 000,000,274 | ---- | M] () -- J:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-562591055-725345543-1004.job
[2012/09/14 06:03:42 | 000,002,048 | --S- | M] () -- J:\WINDOWS\bootstat.dat
[2012/09/13 14:33:47 | 000,000,327 | RHS- | M] () -- J:\boot.ini
[2012/09/13 07:02:09 | 000,854,156 | ---- | M] () -- J:\Documents and Settings\dad\Desktop\SecurityCheck.exe
[2012/09/13 07:00:28 | 000,000,174 | ---- | M] () -- J:\Documents and Settings\dad\Desktop\PC repair.url
[2012/09/12 20:22:50 | 000,043,520 | ---- | M] () -- J:\WINDOWS\System32\CmdLineExt03.dll
[2012/09/11 18:41:00 | 000,000,282 | ---- | M] () -- J:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-562591055-725345543-1004.job
[2012/09/11 16:02:27 | 000,001,374 | ---- | M] () -- J:\WINDOWS\imsins.BAK
[2012/09/11 06:06:38 | 000,013,736 | ---- | M] () -- J:\WINDOWS\System32\wpa.dbl
[2012/09/11 05:59:06 | 000,607,260 | R--- | M] (Swearware) -- J:\Documents and Settings\dad\Desktop\dds.com
[2012/09/11 05:56:59 | 000,050,477 | ---- | M] () -- J:\Documents and Settings\dad\Desktop\Defogger.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbam.sys
[2012/09/06 23:31:10 | 001,316,070 | ---- | M] () -- J:\Documents and Settings\dad\My Documents\cookie.bmp
[2012/09/04 20:20:45 | 000,252,080 | ---- | M] () -- J:\WINDOWS\System32\nvdrsdb1.bin
[2012/09/04 20:20:45 | 000,000,001 | ---- | M] () -- J:\WINDOWS\System32\nvdrssel.bin
[2012/08/30 16:20:00 | 000,035,144 | ---- | M] () -- J:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/08/25 18:07:51 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- J:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/25 18:07:51 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- J:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[8 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[1 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/13 14:33:47 | 000,000,210 | ---- | C] () -- J:\Boot.bak
[2012/09/13 14:33:39 | 000,260,272 | RHS- | C] () -- J:\cmldr
[2012/09/13 13:00:43 | 000,256,000 | ---- | C] () -- J:\WINDOWS\PEV.exe
[2012/09/13 13:00:43 | 000,208,896 | ---- | C] () -- J:\WINDOWS\MBR.exe
[2012/09/13 13:00:43 | 000,098,816 | ---- | C] () -- J:\WINDOWS\sed.exe
[2012/09/13 13:00:43 | 000,080,412 | ---- | C] () -- J:\WINDOWS\grep.exe
[2012/09/13 13:00:43 | 000,068,096 | ---- | C] () -- J:\WINDOWS\zip.exe
[2012/09/13 07:02:04 | 000,854,156 | ---- | C] () -- J:\Documents and Settings\dad\Desktop\SecurityCheck.exe
[2012/09/13 07:00:19 | 000,000,174 | ---- | C] () -- J:\Documents and Settings\dad\Desktop\PC repair.url
[2012/09/11 05:56:59 | 000,050,477 | ---- | C] () -- J:\Documents and Settings\dad\Desktop\Defogger.exe
[2012/09/06 23:31:09 | 001,316,070 | ---- | C] () -- J:\Documents and Settings\dad\My Documents\cookie.bmp
[2012/08/30 16:20:00 | 000,035,144 | ---- | C] () -- J:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/08/02 20:38:24 | 000,000,000 | ---- | C] () -- J:\WINDOWS\popcreg.dat
[2012/08/02 20:38:24 | 000,000,000 | ---- | C] () -- J:\WINDOWS\popcinfot.dat
[2012/07/27 19:28:25 | 000,043,520 | ---- | C] () -- J:\WINDOWS\System32\CmdLineExt03.dll
[2012/03/24 02:03:18 | 000,346,420 | ---- | C] () -- J:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-562591055-725345543-1004-0.dat
[2012/03/24 02:03:16 | 000,104,406 | ---- | C] () -- J:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/20 16:40:54 | 000,003,840 | ---- | C] () -- J:\WINDOWS\System32\drivers\BANTExt.sys
[2012/02/15 05:05:53 | 000,003,072 | ---- | C] () -- J:\WINDOWS\System32\iacenc.dll
[2011/08/04 23:04:17 | 000,000,151 | ---- | C] () -- J:\WINDOWS\PhotoSnapViewer.INI
[2011/07/01 04:45:26 | 000,000,089 | ---- | C] () -- J:\Documents and Settings\dad\default.pls
[2011/06/30 22:39:23 | 000,000,069 | ---- | C] () -- J:\WINDOWS\NeroDigital.ini
[2011/05/31 10:26:13 | 000,002,516 | -HS- | C] () -- J:\WINDOWS\System32\KGyGaAvL.sys
[2011/04/29 10:46:05 | 000,000,022 | -HS- | C] () -- J:\Documents and Settings\dad\Application Data\Sys2662.Config.Repository.bin
[2011/04/26 21:37:12 | 000,000,032 | ---- | C] () -- J:\WINDOWS\CD_Start.INI
[2011/04/15 07:23:41 | 000,135,032 | ---- | C] () -- J:\WINDOWS\System32\drivers\dwprot.sys
[2011/04/14 15:08:41 | 000,000,036 | ---- | C] () -- J:\Documents and Settings\dad\Local Settings\Application Data\housecall.guid.cache
[2011/04/14 14:01:37 | 000,000,000 | ---- | C] () -- J:\Documents and Settings\dad\񀿉
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- J:\WINDOWS\System32\xlive.dll.cat
[2011/03/28 10:53:53 | 000,018,400 | -H-- | C] () -- J:\WINDOWS\System32\mlfcache.dat
[2011/03/22 03:44:47 | 000,000,000 | ---- | C] () -- J:\WINDOWS\nsreg.dat
[2011/03/18 23:12:52 | 001,228,854 | ---- | C] () -- J:\Documents and Settings\dad\fsqwr.bmp
[2011/03/10 08:20:23 | 000,004,161 | ---- | C] () -- J:\WINDOWS\ODBCINST.INI
[2011/03/10 08:17:22 | 000,117,360 | ---- | C] () -- J:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/10 03:50:43 | 000,000,664 | ---- | C] () -- J:\WINDOWS\System32\d3d9caps.dat
[2011/03/09 12:48:36 | 000,003,276 | R--- | C] () -- J:\WINDOWS\System32\drivers\nvphy.bin
[2011/03/09 12:47:33 | 000,026,666 | ---- | C] () -- J:\WINDOWS\Ascd_log.ini
[2011/03/09 12:46:30 | 000,005,810 | R--- | C] () -- J:\WINDOWS\System32\drivers\ASACPI.sys
[2011/03/09 12:46:20 | 000,026,423 | ---- | C] () -- J:\WINDOWS\Ascd_tmp.ini
[2011/03/09 12:46:20 | 000,010,296 | ---- | C] () -- J:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/03/09 12:35:04 | 000,002,048 | --S- | C] () -- J:\WINDOWS\bootstat.dat
[2011/03/09 12:30:36 | 000,021,640 | ---- | C] () -- J:\WINDOWS\System32\emptyregdb.dat
[2009/01/01 05:49:04 | 000,168,448 | ---- | C] () -- J:\Documents and Settings\dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/01 03:31:37 | 000,000,000 | ---- | C] () -- J:\Documents and Settings\dad\defogger_reenable

< End of report >

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 September 2012 - 05:44 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
    O3 - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    IE - HKU\S-1-5-21-602162358-562591055-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
    FF - prefs.js..extensions.enabledAddons: wvrotdxgdr@wvrotdxgdr.org:2.5
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q="
    [2006/02/28 08:00:00 | 000,004,804 | ---- | M] () (No name found) -- J:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\wvrotdxgdr@wvrotdxgdr.org.xpi
    [2012/08/30 16:19:15 | 000,000,000 | ---D | C] -- J:\Program Files\Yontoo
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
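The OTL fix above targets three classic search-hijack indicators at once: a Firefox `keyword.URL` pointing at search.conduit.com, an enabled add-on with a random-looking ID (`wvrotdxgdr@wvrotdxgdr.org`), and an IE SearchScopes entry whose URL also resolves to conduit. The following is an added example, not code from the thread, from OTL or from BleepingComputer, showing how a responder can check a profile for the same indicators before writing a fix. The `prefs.js` fragment and the `.reg`-style export are constructed from the entries listed in the script; the `TRUSTED_SEARCH_HOSTS` allow-list and the `RANDOM_ID_RE` heuristic (a lowercase token repeated on both sides of `@`, the only shape seen here) are assumptions for illustration.

```python
"""Search-hijack indicator check over Firefox prefs.js and IE SearchScopes.

Added example, not part of the original thread or of OTL. Sample data is
constructed from the indicators the OTL fix targeted; the allow-list and
the random-ID heuristic are assumptions for illustration.
"""
import re
from urllib.parse import urlparse

# Hosts a search-provider URL is allowed to point at (assumption).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Constructed prefs.js fragment mirroring the hijacked profile in the thread.
SAMPLE_PREFS_JS = '''
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q=");
user_pref("extensions.enabledAddons", "wvrotdxgdr@wvrotdxgdr.org:2.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:15.0.1");
user_pref("browser.startup.homepage", "http://www.google.com/");
'''

# Constructed .reg-style export of the user's IE SearchScopes key.
SAMPLE_SEARCHSCOPES_REG = r'''
[HKEY_USERS\S-1-5-21-602162358-562591055-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376"
[HKEY_USERS\S-1-5-21-602162358-562591055-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
'''

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')
REG_VALUE_RE = re.compile(r'^"URL"="([^"]*)"', re.M)
# Heuristic (assumption): a single lowercase token repeated on both sides of
# '@' is the shape of the rogue add-on ID seen in this thread.
RANDOM_ID_RE = re.compile(r'^([a-z]{8,})@\1\.(?:org|com|net)$')


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def untrusted_search_urls(urls):
    """Return the URLs whose host is not in the allow-list."""
    return [u for u in urls if host_of(u) not in TRUSTED_SEARCH_HOSTS]


def check_prefs_js(text):
    """Return (indicator, detail) findings from prefs.js content."""
    prefs = dict(PREF_RE.findall(text))
    findings = []
    kw = prefs.get("keyword.URL")
    if kw and untrusted_search_urls([kw]):
        findings.append(("keyword.URL", kw))
    for addon in prefs.get("extensions.enabledAddons", "").split(","):
        addon_id = addon.rsplit(":", 1)[0]   # strip the ":version" suffix
        if RANDOM_ID_RE.match(addon_id):
            findings.append(("extensions.enabledAddons", addon_id))
    return findings


def check_searchscopes(reg_text):
    """Return SearchScope URLs that point at a non-allow-listed host."""
    return untrusted_search_urls(REG_VALUE_RE.findall(reg_text))


if __name__ == "__main__":
    for indicator, detail in check_prefs_js(SAMPLE_PREFS_JS):
        print("prefs.js:", indicator, detail)
    for url in check_searchscopes(SAMPLE_SEARCHSCOPES_REG):
        print("SearchScopes:", url)
```

Run against a real profile, `check_prefs_js` would read `prefs.js` from the profile folder and `check_searchscopes` a `reg export` of the user's SearchScopes key; everything the two functions flag on the constructed input corresponds to a line the OTL script above removes, while the Bing scope and the Google home page pass.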

#13 MistyC (Topic Starter)

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA

Posted 17 September 2012 - 05:56 AM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-602162358-562591055-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
J:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-602162358-562591055-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: wvrotdxgdr@wvrotdxgdr.org:2.5 removed from extensions.enabledAddons
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001716&SearchSource=2&q=" removed from keyword.URL
J:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\etu0su5j.default\extensions\wvrotdxgdr@wvrotdxgdr.org.xpi moved successfully.
J:\Program Files\Yontoo folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
J:\Documents and Settings\dad\My Documents\Downloads\cmd.bat deleted successfully.
J:\Documents and Settings\dad\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.DADS

User: All Users

User: dad
->Java cache emptied: 70417525 bytes

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

Total Java Files Cleaned = 67.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.DADS

User: All Users

User: dad
->Flash cache emptied: 13145973 bytes

User: Default User
->Flash cache emptied: 56468 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 56468 bytes

User: NetworkService

Total Flash Files Cleaned = 13.00 mb


OTL by OldTimer - Version 3.2.61.5 log created on 09172012_065341



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The hard drive is no longer spinning at warp speed all day lol. So that is great! I have not been up enough to click on anything.. but I will. I know yesterday we were still having issues with the redirect.. but not bad at all. Just a few things. I will go & test it now.. Thank you again for all your help!

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 September 2012 - 08:19 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 MistyC (Topic Starter)

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA

Posted 17 September 2012 - 08:30 AM

18 Wheels of Steel Big City Rigs
18 Wheels of Steel: American Long Haul
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Age of Conan: Unchained
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Baldur's Gate
Belarc Advisor 8.2
Big Fish Games: Game Manager
Bonjour
CCleaner
Cooking Academy 3: Recipe for Success
Cosmic Bugs
Coupon Printer for Windows
Dolphin Futures XPS Viewer version 1.1.0
Dropbox
DVD Shrink 3.2
DVDFab 8.1.0.5 (04/07/2011) Qt
DX-Ball 1.09
ESET Online Scanner v3
Farm Frenzy
Farm Frenzy - Pizza Party!
Farm Frenzy 2
Farm Frenzy 3
Farm Frenzy 3: American Pie
Farm Frenzy 3: Ice Age
Farm Frenzy 3: Madagascar
Farm Frenzy 3: Russian Roulette
Farm Frenzy: Ancient Rome
Farm Frenzy: Gone Fishing
Fishdom - Spooky Splash
Free Realms
From The Word v2.60 Screen Saver
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Product Detection
HP Smart Web Printing
HP Update
HPDiagnosticAlert
Image Resizer Powertoy for Windows XP
ImgBurn
Inpaint 3.0
Insaniquarium Deluxe 1.1
Intel AppUp(SM) center
iTunes
Java™ 6 Update 26
jv16 PowerTools 2011
Kidzui
LightScribe System Software 1.10.13.1
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Monopoly City
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA Control Panel 266.58
NVIDIA Drivers
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
Origin
Pando Media Booster
Peggle Deluxe
Pet Pals: New Leash on Life
Pictureka! - Museum Mayhem
Plants vs. Zombies
Portal
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rescue Team 2
Road to Riches
RoboForm 7-3-2 (All Users)
RollerCoaster Tycoon 3 Platinum
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sheep's Quest
Sid Meier's Railroads!
Sid Meier's Railroads! Holiday Scenario
SmartWebPrintingOC
SoundMAX
Spirits of Metropolis v1.10
Splash
Steam
Sunshine Acres
swMSM
The Game Of Life
The Sims 2 Double Deluxe
The Sims 3
The Sims 3 Fast Lane Stuff
The Sims 3 Generations
The Sims 3 High-End Loft Stuff
The Sims 3 Outdoor Living Stuff
The Sims 3 Pets
The Sims 3 Town Life Stuff
Toddler Keys
Train Simulator 2012
Trainz
Trainz: Engineer's Edition
TRS2004
TRS2006
Uncharted Waters Online
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WD SmartWare
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
WinX DVD Ripper Platinum 6.3.1
XnView 1.97.6
Yahoo! Detect
Yontoo 1.10.02
Zuma's Revenge! - Adventure
Zuma Deluxe
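Two things stand out to a responder reading the Add-Remove Programs listing above: `Yontoo 1.10.02` still has an uninstall entry even though the OTL fix moved `J:\Program Files\Yontoo` (the registry entry remains to be cleaned up), and `Java™ 6 Update 26` is a browser-exposed runtime several updates behind. The following is an added example, not code from the thread or from ComboFix, that reads the one-name-per-line format of `Add-Remove Programs.txt` and flags both kinds of entry. The unwanted-name patterns come from what the thread itself removed (Yontoo, conduit); the `MIN_VERSIONS` table is an assumption chosen for illustration, not a statement of what was current in September 2012, and the listing excerpt is constructed from the entries above.

```python
"""Triage of a ComboFix Add-Remove Programs.txt dump.

Added example, not part of the original thread or of ComboFix. Flags
(a) uninstall entries for software the thread treated as unwanted and
(b) runtimes below a minimum version. MIN_VERSIONS is an assumption.
"""
import re

# Names the thread itself removed (Yontoo folder moved by OTL, conduit
# search hijack cleared); the Add/Remove entry for Yontoo is still present.
UNWANTED_NAME_PATTERNS = [re.compile(p, re.I) for p in (r"^Yontoo\b", r"\bConduit\b")]

# Minimum acceptable versions (assumption for illustration).
MIN_VERSIONS = {
    "java": (6, 35),           # "Java(TM) 6 Update NN" -> (6, NN)
    "adobe reader": (10, 1, 4),
}

JAVA_RE = re.compile(r"^Java(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)", re.I)
READER_RE = re.compile(r"^Adobe Reader\b.*?\((\d+(?:\.\d+)+)\)", re.I)


def parse_version(text):
    """'10.1.4' -> (10, 1, 4), so tuples compare numerically."""
    return tuple(int(x) for x in text.split("."))


def runtime_version(name):
    """Map an Add/Remove entry to (product, version tuple) or None."""
    m = JAVA_RE.match(name)
    if m:
        return "java", (int(m.group(1)), int(m.group(2)))
    m = READER_RE.match(name)
    if m:
        return "adobe reader", parse_version(m.group(1))
    return None


def triage(listing):
    """Return findings as (kind, entry) tuples in listing order."""
    findings = []
    for line in listing.splitlines():
        name = line.strip()
        if not name:
            continue
        if any(p.search(name) for p in UNWANTED_NAME_PATTERNS):
            findings.append(("unwanted", name))
        rv = runtime_version(name)
        if rv and rv[1] < MIN_VERSIONS[rv[0]]:
            findings.append(("outdated", name))
    return findings


# Constructed excerpt of the listing posted above.
SAMPLE_LISTING = """
Adobe Reader X (10.1.4)
Java™ 6 Update 26
Malwarebytes Anti-Malware version 1.65.0.1400
Mozilla Firefox 15.0.1 (x86 en-US)
Yontoo 1.10.02
"""

if __name__ == "__main__":
    for kind, entry in triage(SAMPLE_LISTING):
        print(f"{kind:9} {entry}")
```

Pointing `triage` at the real file (`C:\Qoobox\Add-Remove Programs.txt` on the drive ComboFix ran from) gives a short list to act on after the malware removal proper: uninstall entries left behind by removed adware, and runtimes that need updating before the machine goes back into normal browsing use.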