Redirects, Websites Phishing, Respawning Malware


  • This topic is locked
35 replies to this topic

#1 jmillerdls


Posted 13 September 2012 - 03:23 PM

Started with redirects. Then I ran Hitman and it found a random, 7-letter exe file in system32. However, once it is removed, a new one replaces it seconds later. Now websites start putting up a phishing form that you have to fill out to access the sites that asks for credit card number, social security number, name, address, etc. I can't use these sites until I get rid of this thing. I downloaded Microsoft Security Essentials and ran that and it immediately placed the file in "Excluded files and locations." When I removed it, it got flagged as a Trojan, but then a new file just immediately replaced it in the folder, and the "Excluded files and locations." Have no idea what else I can do to get rid of this thing, but am desperate to do so as soon as possible so I can use my banking sites again.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1
Run by Jonathan at 13:52:33 on 2012-09-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1505 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Jonathan\Desktop\My Stuff\Shortcuts\procexp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\allSnap\allSnap.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.EXE
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [Sysinternals Process Explorer] c:\documents and settings\jonathan\desktop\my stuff\shortcuts\procexp.exe
uRun: [speedfan] c:\program files\speedfan\speedfan.exe
uRun: [SkinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Torrent] c:\program files\utorrent\uTorrent.exe
uRun: [UltraMon] c:\program files\ultramon\UltraMon.exe
uRun: [xXfmCVM] c:\windows\system32\xXfmCVM.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IME JPN 2007 Migration] c:\progra~1\common~1\micros~1\ime12\imejp\IMJPKLMG.EXE /Preload
mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\jonathan\startm~1\programs\startup\allsnap.lnk - c:\program files\allsnap\allSnap.exe
StartupFolder: c:\docume~1\jonathan\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: Interfaces\{418073D1-D593-4088-99A9-348C2012D6A6} : NameServer = 68.105.28.11,68.105.29.11
TCP: Interfaces\{5D4F83CE-F388-4DD0-B6B9-668AA635FA6A} : NameServer = 8.8.8.8,68.105.28.11,68.105.29.11
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jonathan\application data\mozilla\firefox\profiles\nlz161hz.default\
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61798
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\wolfram research\browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-10-2 13696]
R1 MpKsl0628f47e;MpKsl0628f47e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{86852981-8b19-4dc7-93e9-127f97e1841c}\MpKsl0628f47e.sys [2012-9-13 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-10-3 123712]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S2 3021;3021;\??\c:\windows\temp\3021.sys --> c:\windows\temp\3021.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-28 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-2 1691480]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 114144]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2006-8-24 477696]
.
=============== Created Last 30 ================
.
2012-09-13 11:15:28 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{86852981-8b19-4dc7-93e9-127f97e1841c}\MpKsl0628f47e.sys
2012-09-13 11:13:59 54272 ----a-w- c:\windows\system32\xXfmCVM.exe
2012-09-13 11:12:39 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{86852981-8b19-4dc7-93e9-127f97e1841c}\offreg.dll
2012-09-13 11:10:45 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{86852981-8b19-4dc7-93e9-127f97e1841c}\mpengine.dll
2012-09-13 11:10:38 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-13 11:08:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-13 09:38:12 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-09-13 09:37:54 536576 ----a-w- c:\program files\common files\system\ado\SET120.tmp
2012-09-13 09:37:32 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-09-13 09:37:31 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-13 09:37:31 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-13 07:17:04 -------- d-----w- C:\_OTM
2012-09-13 06:05:49 -------- d-----w- c:\program files\ESET
2012-09-13 04:47:07 -------- d-----w- C:\MGtools
2012-09-13 04:42:27 -------- d-----w- c:\program files\HitmanPro
2012-09-13 04:41:56 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-09-13 04:22:37 1670468 ----a-w- C:\MGtools.exe
2012-09-07 00:43:08 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-28 22:27:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 16:36:52 -------- d-----w- c:\program files\iPod
2012-08-21 16:36:21 -------- d-----w- c:\program files\Bonjour
2012-08-18 11:11:10 -------- d-----w- c:\documents and settings\jonathan\local settings\application data\MathematicaPlayer
2012-08-18 11:11:10 -------- d-----w- c:\documents and settings\jonathan\application data\MathematicaPlayer
2012-08-18 11:11:10 -------- d-----w- c:\documents and settings\all users\application data\MathematicaPlayer
2012-08-18 11:05:27 -------- d-----w- c:\program files\common files\Wolfram Research
2012-08-18 11:05:27 -------- d-----w- c:\program files\common files\ResearchSoft
2012-08-18 11:05:27 -------- d-----w- c:\documents and settings\all users\application data\Mathematica
2012-08-18 11:04:42 93712 ----a-w- c:\windows\system32\mltcp32.mlp
2012-08-18 11:04:42 88080 ----a-w- c:\windows\system32\mlshm32.mlp
2012-08-18 11:04:42 79376 ----a-w- c:\windows\system32\mlmap32.mlp
2012-08-18 11:04:42 370704 ----a-w- c:\windows\system32\ml32i3.dll
2012-08-18 11:04:42 334352 ----a-w- c:\windows\system32\mltcpip32.mlp
2012-08-18 11:04:42 260112 ----a-w- c:\windows\system32\ml32i2.dll
2012-08-18 11:04:42 253968 ----a-w- c:\windows\system32\ml32i1.dll
2012-08-18 11:04:42 163344 ----a-w- c:\windows\system32\mlmodule32.dll
2012-08-18 11:04:10 -------- d-----w- c:\program files\Wolfram Research
.
==================== Find3M ====================
.
2012-09-13 04:12:23 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 15:01:43 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-08-28 22:32:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-10 15:41:30 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 13:58:52 337920 ----a-w- c:\windows\system32\SET2D7.tmp
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\SET2D8.tmp
2012-07-06 03:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 03:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 12:19:12 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:53:54.14 ===============





ark.txt is too big to attach. It is 1.17mb. If I try to cut and paste it, it says the post is too long. What should I do?
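The DDS log above holds three lines worth triaging by hand: a per-user Run entry launching a random-looking .exe straight from system32 (xXfmCVM), a driver service registered from c:\windows\temp (3021), and a loopback HTTP proxy in Firefox's prefs.js (inactive here, since network.proxy.type is 0). As an added example that is not part of this thread or of DDS, here is a small parser that picks those out of DDS-format lines; the sample input is constructed from the line formats shown above, and the "random name" test is a crude heuristic, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample: autorun, service and Firefox-pref lines in the format DDS
# uses in its "Pseudo HJT Report", "SERVICES / DRIVERS" and "FIREFOX" sections.
SAMPLE_LINES = [
    r"uRun: [speedfan] c:\program files\speedfan\speedfan.exe",
    r"uRun: [xXfmCVM] c:\windows\system32\xXfmCVM.exe",
    r"mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup",
    r"R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]",
    r"S2 3021;3021;\??\c:\windows\temp\3021.sys --> c:\windows\temp\3021.sys [?]",
    r"FF - prefs.js: network.proxy.http - 127.0.0.1",
    r"FF - prefs.js: network.proxy.http_port - 61798",
    r"FF - prefs.js: network.proxy.type - 0",
]

# Line shapes: "uRun: [name] command", "S2 name;display;path [date size]",
# "FF - prefs.js: key - value".
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$")

# An .exe sitting directly in system32 (not in a subfolder), optionally quoted.
SYSTEM32_EXE_RE = re.compile(r'^"?[a-z]:\\windows\\system32\\(?P<base>[^\\"\s]+\.exe)"?', re.I)
# Any image path that passes through a temp directory.
TEMP_DIR_RE = re.compile(r"\\(?:windows\\temp|temp|tmp)\\", re.I)


def looks_random(name: str) -> bool:
    """Heuristic: five or more letters with (almost) no vowels reads as a
    generated label rather than a product name. Use it to rank, not to convict."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 5:
        return False
    vowels = sum(c.lower() in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2


def analyze(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious DDS line, in input order, with the
    browser-proxy check appended last (it needs several prefs.js lines)."""
    findings: List[Dict[str, str]] = []
    prefs: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe = SYSTEM32_EXE_RE.match(m["cmd"])
            if exe:
                reasons = []
                if m["scope"] == "u":
                    # Legitimate system32 autoruns are almost always machine-wide (mRun).
                    reasons.append("per-user Run key launching an .exe straight from system32")
                if looks_random(exe["base"][:-4]):
                    reasons.append("random-looking file name")
                if reasons:
                    findings.append({"kind": "autorun", "line": line, "reason": "; ".join(reasons)})
            continue
        m = SVC_RE.match(line)
        if m and TEMP_DIR_RE.search(m["path"]):
            findings.append({"kind": "service", "line": line,
                             "reason": "service/driver image loaded from a temp directory"})
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m["key"]] = m["value"].strip()

    # A loopback HTTP proxy lets a local process sit between the browser and every
    # site it visits; Firefox only honours it when network.proxy.type is 1.
    host = prefs.get("network.proxy.http")
    if host in ("127.0.0.1", "localhost"):
        active = prefs.get("network.proxy.type") == "1"
        findings.append({
            "kind": "browser-proxy",
            "line": f"network.proxy.http = {host}:{prefs.get('network.proxy.http_port', '?')}",
            "reason": "loopback HTTP proxy in prefs.js"
                      + (" (active: proxy.type=1)" if active else " (not active: proxy.type != 1)"),
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LINES):
        print(f"[{f['kind']}] {f['reason']}\n    {f['line']}")
```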


#2 gringo_pr
  • Malware Response Team

Posted 13 September 2012 - 04:01 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jmillerdls


Posted 13 September 2012 - 04:35 PM

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
TuneUp Utilities 2008
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````




# AdwCleaner v2.001 - Logfile created 09/13/2012 at 16:23:59
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jonathan - JBOY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jonathan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Restored : [HKU\S-1-5-21-1229272821-2077806209-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1229272821-2077806209-682003330-1006\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\nlz161hz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1693 octets] - [13/09/2012 04:13:57]
AdwCleaner[S2].txt - [1022 octets] - [13/09/2012 16:23:59]

########## EOF - C:\AdwCleaner[S2].txt - [1082 octets] ##########




RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jonathan [Admin rights]
Mode : Remove -- Date : 09/13/2012 16:31:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\3021 (\??\C:\WINDOWS\TEMP\3021.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\3021 (\??\C:\WINDOWS\TEMP\3021.sys) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{418073D1-D593-4088-99A9-348C2012D6A6} : NameServer (68.105.28.11,68.105.29.11) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{5D4F83CE-F388-4DD0-B6B9-668AA635FA6A} : NameServer (8.8.8.8,68.105.28.11,68.105.29.11) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{418073D1-D593-4088-99A9-348C2012D6A6} : NameServer (68.105.28.11,68.105.29.11) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{5D4F83CE-F388-4DD0-B6B9-668AA635FA6A} : NameServer (8.8.8.8,68.105.28.11,68.105.29.11) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\UltraMon.scr) -> REPLACED (C:\WINDOWS\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$bb6357585364e003cc17f1e7e13d6160\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1229272821-2077806209-682003330-1004\$bb6357585364e003cc17f1e7e13d6160\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$bb6357585364e003cc17f1e7e13d6160\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1229272821-2077806209-682003330-1004\$bb6357585364e003cc17f1e7e13d6160\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$bb6357585364e003cc17f1e7e13d6160\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1229272821-2077806209-682003330-1004\$bb6357585364e003cc17f1e7e13d6160\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARS-00MVWB0 +++++
--- User ---
[MBR] 86cb3b3d00955e0fe544cfaddc4f0ce1
[BSP] 00400bbc872e2ac86490fd9b9bee9eaa : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00B4A0 +++++
--- User ---
[MBR] 81e1aec1bed703f20cb8bad215a4ae93
[BSP] 04d056b814ea6b6682d31524b204b5ab : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD20EARS-00MVWB0 +++++
--- User ---
[MBR] 2a24135452adb6b8128a5c031d25ab85
[BSP] 92dd1f978b7aaf127a4f9ab30ccd8350 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt





After running RogueKiller, a page popped up saying: [Rootkit] ZeroAccess (Max++), and the 7-letter .exe in system32 is still there.

Edited by jmillerdls, 13 September 2012 - 04:36 PM.


#4 gringo_pr

Posted 13 September 2012 - 04:50 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 jmillerdls

Posted 13 September 2012 - 05:37 PM

Didn't have any problems with Combofix. However, the .exe file is still there in the system32 folder and when I go to Amazon.com, I still cannot access it without the phishing form blocking my access to it.


ComboFix 12-09-13.03 - Jonathan 09/13/2012 17:18:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2509 [GMT -5:00]
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jonathan\Application Data\inst.exe
c:\documents and settings\Jonathan\Application Data\vso_ts_preview.xml
c:\documents and settings\Jonathan\WINDOWS
C:\Install.exe
c:\program files\LP
c:\program files\LP\2C88\4C9.tmp
c:\windows\$NtUninstallKB62177$
c:\windows\$NtUninstallKB62177$\3489855022
c:\windows\$NtUninstallKB62177$\3706727953\@
c:\windows\$NtUninstallKB62177$\3706727953\cfg.ini
c:\windows\$NtUninstallKB62177$\3706727953\Desktop.ini
c:\windows\$NtUninstallKB62177$\3706727953\L\iyjsmuja
c:\windows\$NtUninstallKB62177$\3706727953\U\00000001.@
c:\windows\$NtUninstallKB62177$\3706727953\U\00000002.@
c:\windows\$NtUninstallKB62177$\3706727953\U\00000004.@
c:\windows\$NtUninstallKB62177$\3706727953\U\80000000.@
c:\windows\$NtUninstallKB62177$\3706727953\U\80000004.@
c:\windows\$NtUninstallKB62177$\3706727953\U\80000032.@
c:\windows\$NtUninstallKB62177$\3706727953\version
c:\windows\system32\AutoRun.inf
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 11:13 . 2012-09-13 11:14 54272 ----a-w- c:\windows\system32\xXfmCVM.exe
2012-09-13 11:12 . 2012-09-13 11:12 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86852981-8B19-4DC7-93E9-127F97E1841C}\offreg.dll
2012-09-13 11:10 . 2012-08-23 05:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86852981-8B19-4DC7-93E9-127F97E1841C}\mpengine.dll
2012-09-13 11:10 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-13 11:08 . 2012-09-13 11:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-13 09:38 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-09-13 09:37 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-09-13 09:37 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-13 09:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-13 07:17 . 2012-09-13 07:17 -------- d-----w- C:\_OTM
2012-09-13 06:05 . 2012-09-13 06:05 -------- d-----w- c:\program files\ESET
2012-09-13 04:47 . 2012-09-13 07:26 -------- d-----w- C:\MGtools
2012-09-13 04:42 . 2012-09-13 04:42 -------- d-----w- c:\program files\HitmanPro
2012-09-13 04:41 . 2012-09-13 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-09-07 00:43 . 2012-09-13 04:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-06 22:07 . 2012-09-06 22:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-08-28 22:27 . 2012-08-28 22:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 16:36 . 2012-08-21 16:36 -------- d-----w- c:\program files\iPod
2012-08-21 16:36 . 2012-08-21 16:36 -------- d-----w- c:\program files\Bonjour
2012-08-18 11:11 . 2012-08-18 11:11 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\MathematicaPlayer
2012-08-18 11:11 . 2012-08-18 11:11 -------- d-----w- c:\documents and settings\Jonathan\Application Data\MathematicaPlayer
2012-08-18 11:05 . 2012-08-18 11:05 -------- d-----w- c:\program files\Common Files\Wolfram Research
2012-08-18 11:05 . 2012-08-18 11:05 -------- d-----w- c:\program files\Common Files\ResearchSoft
2012-08-18 11:05 . 2012-08-18 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Mathematica
2012-08-18 11:04 . 2011-10-03 23:45 334352 ----a-w- c:\windows\system32\mltcpip32.mlp
2012-08-18 11:04 . 2011-10-03 23:45 93712 ----a-w- c:\windows\system32\mltcp32.mlp
2012-08-18 11:04 . 2011-10-03 23:45 88080 ----a-w- c:\windows\system32\mlshm32.mlp
2012-08-18 11:04 . 2011-10-03 23:45 163344 ----a-w- c:\windows\system32\mlmodule32.dll
2012-08-18 11:04 . 2011-10-03 23:45 79376 ----a-w- c:\windows\system32\mlmap32.mlp
2012-08-18 11:04 . 2011-10-03 23:45 370704 ----a-w- c:\windows\system32\ml32i3.dll
2012-08-18 11:04 . 2011-10-03 23:45 260112 ----a-w- c:\windows\system32\ml32i2.dll
2012-08-18 11:04 . 2011-10-03 23:45 253968 ----a-w- c:\windows\system32\ml32i1.dll
2012-08-18 11:04 . 2012-08-18 11:04 -------- d-----w- c:\program files\Wolfram Research
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 07:26 . 2012-09-13 04:47 719504 ----a-w- C:\MGlogs.zip
2012-09-13 04:12 . 2010-09-12 20:36 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-09-07 22:04 . 2011-02-15 21:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 15:01 . 2004-08-04 04:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-08-28 22:32 . 2011-05-18 18:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-10 15:41 . 2008-11-08 02:09 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 13:58 . 2004-08-04 05:56 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 03:06 . 2012-08-10 15:42 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 03:06 . 2010-07-19 18:41 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2008-11-07 13:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 15:07 . 2004-08-04 05:56 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:07 . 2004-08-04 05:56 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:07 . 2004-08-04 05:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:07 . 2004-08-04 05:56 17408 ------w- c:\windows\system32\corpol.dll
2012-07-03 12:19 . 2004-08-04 03:59 389120 ----a-w- c:\windows\system32\html.iec
2012-09-09 03:04 . 2012-09-09 03:04 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sysinternals Process Explorer"="c:\documents and settings\Jonathan\Desktop\My Stuff\Shortcuts\procexp.exe" [2008-08-06 3520552]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2008-08-19 3562496]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-22 1134592]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-21 2923192]
"Torrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-07 270128]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2008-01-15 694040]
"xXfmCVM"="c:\windows\system32\xXfmCVM.exe" [2012-09-13 54272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2006-10-26 59184]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 32560]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
allSnap.lnk - c:\program files\allSnap\allSnap.exe [2008-11-7 90112]
FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2007-2-12 1111552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RBTray"=c:\program files\RBTray\RBTray.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [10/2/2009 11:57 PM 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [10/3/2009 12:15 AM 123712]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/7/2008 9:51 AM 47360]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/28/2012 5:27 PM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/2/2009 11:59 PM 1691480]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 4:38 PM 114144]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [8/24/2006 5:44 AM 477696]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP111
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
TMKEmu
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 22:32]
.
2012-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-09-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{418073D1-D593-4088-99A9-348C2012D6A6}: NameServer = 68.105.28.11,68.105.29.11
TCP: Interfaces\{5D4F83CE-F388-4DD0-B6B9-668AA635FA6A}: NameServer = 8.8.8.8,68.105.28.11,68.105.29.11
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\nlz161hz.default\
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61798
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
SafeBoot-33148154.sys
SafeBoot-48875685.sys
SafeBoot-51160871.sys
SafeBoot-93023233.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-2077806209-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1229272821-2077806209-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:a8,a8,0e,5c,78,74,d9,e2,87,2b,c8,2e,f9,68,ba,54,4f,99,94,3e,d3,
45,62,d8,65,2f,02,58,7a,86,ee,c9,61,bd,b9,d3,8c,ea,5e,44,b2,e5,45,be,d3,63,\
"rkeysecu"=hex:6b,e1,ff,58,a1,78,d0,5c,6c,d3,c9,98,87,56,0a,b6
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\wininet.dll
.
- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\WININET.dll
c:\program files\Stardock\Object Desktop\IconPackager\shellext.dll
c:\program files\Atomic Alarm Clock\Clock.dll
c:\program files\allSnap\snap_libW.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'csrss.exe'(832)
c:\windows\system32\wininet.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-09-13 17:34:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-13 22:34
.
Pre-Run: 91,439,214,592 bytes free
Post-Run: 91,473,063,936 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 6C2D9A99E93DF5519FA4D155E14C3351

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time:06:17 PM

Posted 13 September 2012 - 05:44 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:05:17 PM

Posted 13 September 2012 - 06:07 PM

17:52:53.0656 0668 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:52:54.0187 0668 ============================================================
17:52:54.0187 0668 Current date / time: 2012/09/13 17:52:54.0187
17:52:54.0187 0668 SystemInfo:
17:52:54.0187 0668
17:52:54.0187 0668 OS Version: 5.1.2600 ServicePack: 3.0
17:52:54.0187 0668 Product type: Workstation
17:52:54.0187 0668 ComputerName: JBOY
17:52:54.0218 0668 UserName: Jonathan
17:52:54.0218 0668 Windows directory: C:\WINDOWS
17:52:54.0218 0668 System windows directory: C:\WINDOWS
17:52:54.0218 0668 Processor architecture: Intel x86
17:52:54.0218 0668 Number of processors: 2
17:52:54.0218 0668 Page size: 0x1000
17:52:54.0218 0668 Boot type: Normal boot
17:52:54.0218 0668 ============================================================
17:52:56.0234 0668 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:52:56.0250 0668 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:52:56.0281 0668 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:52:56.0281 0668 ============================================================
17:52:56.0281 0668 \Device\Harddisk0\DR0:
17:52:56.0281 0668 MBR partitions:
17:52:56.0281 0668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
17:52:56.0281 0668 \Device\Harddisk1\DR1:
17:52:56.0281 0668 MBR partitions:
17:52:56.0281 0668 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
17:52:56.0281 0668 \Device\Harddisk2\DR2:
17:52:56.0281 0668 MBR partitions:
17:52:56.0281 0668 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
17:52:56.0281 0668 ============================================================
17:52:56.0296 0668 E: <-> \Device\Harddisk2\DR2\Partition1
17:52:56.0359 0668 C: <-> \Device\Harddisk1\DR1\Partition1
17:52:56.0437 0668 H: <-> \Device\Harddisk0\DR0\Partition1
17:52:56.0437 0668 ============================================================
17:52:56.0437 0668 Initialize success
17:52:56.0437 0668 ============================================================
17:53:02.0359 3676 ============================================================
17:53:02.0359 3676 Scan started
17:53:02.0359 3676 Mode: Manual;
17:53:02.0359 3676 ============================================================
17:53:03.0703 3676 ================ Scan system memory ========================
17:53:03.0703 3676 System memory - ok
17:53:03.0703 3676 ================ Scan services =============================
17:53:03.0875 3676 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:53:03.0875 3676 !SASCORE - ok
17:53:04.0015 3676 Abiosdsk - ok
17:53:04.0015 3676 abp480n5 - ok
17:53:04.0062 3676 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:53:04.0078 3676 ACPI - ok
17:53:04.0125 3676 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:53:04.0125 3676 ACPIEC - ok
17:53:04.0203 3676 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:53:04.0203 3676 AdobeFlashPlayerUpdateSvc - ok
17:53:04.0203 3676 Scan interrupted by user!
17:53:04.0203 3676 ================ Scan global ===============================
17:53:04.0203 3676 Scan interrupted by user!
17:53:04.0203 3676 ================ Scan MBR ==================================
17:53:04.0203 3676 Scan interrupted by user!
17:53:04.0203 3676 ================ Scan VBR ==================================
17:53:04.0203 3676 Scan interrupted by user!
17:53:04.0203 3676 ============================================================
17:53:04.0203 3676 Scan finished
17:53:04.0203 3676 ============================================================
17:53:04.0218 2876 Detected object count: 0
17:53:04.0218 2876 Actual detected object count: 0
17:53:07.0671 1584 ============================================================
17:53:07.0671 1584 Scan started
17:53:07.0671 1584 Mode: Manual;
17:53:07.0671 1584 ============================================================
17:53:08.0093 1584 ================ Scan system memory ========================
17:53:08.0093 1584 System memory - ok
17:53:08.0093 1584 ================ Scan services =============================
17:53:08.0265 1584 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:53:08.0265 1584 !SASCORE - ok
17:53:08.0343 1584 Abiosdsk - ok
17:53:08.0359 1584 abp480n5 - ok
17:53:08.0406 1584 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:53:08.0406 1584 ACPI - ok
17:53:08.0468 1584 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:53:08.0468 1584 ACPIEC - ok
17:53:08.0578 1584 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:53:08.0578 1584 AdobeFlashPlayerUpdateSvc - ok
17:53:08.0578 1584 adpu160m - ok
17:53:08.0593 1584 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:53:08.0593 1584 aec - ok
17:53:08.0640 1584 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:53:08.0640 1584 AFD - ok
17:53:08.0640 1584 Aha154x - ok
17:53:08.0640 1584 aic78u2 - ok
17:53:08.0640 1584 aic78xx - ok
17:53:08.0671 1584 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:53:08.0671 1584 Alerter - ok
17:53:08.0687 1584 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:53:08.0687 1584 ALG - ok
17:53:08.0703 1584 AliIde - ok
17:53:08.0781 1584 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
17:53:08.0812 1584 Ambfilt - ok
17:53:08.0812 1584 amsint - ok
17:53:08.0937 1584 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:53:08.0937 1584 Apple Mobile Device - ok
17:53:08.0937 1584 AppMgmt - ok
17:53:08.0937 1584 asc - ok
17:53:08.0937 1584 asc3350p - ok
17:53:08.0937 1584 asc3550 - ok
17:53:09.0046 1584 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:53:09.0093 1584 aspnet_state - ok
17:53:09.0125 1584 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:53:09.0125 1584 AsyncMac - ok
17:53:09.0140 1584 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:53:09.0140 1584 atapi - ok
17:53:09.0156 1584 Atdisk - ok
17:53:09.0156 1584 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:53:09.0156 1584 Atmarpc - ok
17:53:09.0203 1584 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:53:09.0203 1584 AudioSrv - ok
17:53:09.0265 1584 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:53:09.0265 1584 audstub - ok
17:53:09.0328 1584 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:53:09.0328 1584 Beep - ok
17:53:09.0375 1584 [ BE5D50529799B9BAB6BE879EC768B6CF ] BIOS C:\WINDOWS\system32\drivers\BIOS.sys
17:53:09.0375 1584 BIOS - ok
17:53:09.0437 1584 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:53:09.0437 1584 BITS - ok
17:53:09.0562 1584 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:53:09.0562 1584 Bonjour Service - ok
17:53:09.0593 1584 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:53:09.0609 1584 Browser - ok
17:53:09.0609 1584 catchme - ok
17:53:09.0625 1584 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:53:09.0625 1584 cbidf2k - ok
17:53:09.0625 1584 cd20xrnt - ok
17:53:09.0656 1584 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:53:09.0656 1584 Cdaudio - ok
17:53:09.0718 1584 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:53:09.0718 1584 Cdfs - ok
17:53:09.0765 1584 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:53:09.0765 1584 Cdrom - ok
17:53:09.0781 1584 Changer - ok
17:53:09.0828 1584 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:53:09.0828 1584 CiSvc - ok
17:53:09.0890 1584 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:53:09.0890 1584 ClipSrv - ok
17:53:09.0953 1584 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:53:09.0984 1584 clr_optimization_v2.0.50727_32 - ok
17:53:09.0984 1584 CmdIde - ok
17:53:09.0984 1584 COMSysApp - ok
17:53:09.0984 1584 Cpqarray - ok
17:53:10.0031 1584 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:53:10.0031 1584 CryptSvc - ok
17:53:10.0031 1584 dac2w2k - ok
17:53:10.0046 1584 dac960nt - ok
17:53:10.0109 1584 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:53:10.0109 1584 DcomLaunch - ok
17:53:10.0125 1584 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:53:10.0125 1584 Dhcp - ok
17:53:10.0156 1584 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:53:10.0156 1584 Disk - ok
17:53:10.0156 1584 dmadmin - ok
17:53:10.0203 1584 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:53:10.0218 1584 dmboot - ok
17:53:10.0281 1584 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:53:10.0296 1584 dmio - ok
17:53:10.0343 1584 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:53:10.0343 1584 dmload - ok
17:53:10.0359 1584 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:53:10.0359 1584 dmserver - ok
17:53:10.0359 1584 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:53:10.0359 1584 DMusic - ok
17:53:10.0421 1584 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:53:10.0421 1584 Dnscache - ok
17:53:10.0468 1584 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:53:10.0484 1584 Dot3svc - ok
17:53:10.0484 1584 dpti2o - ok
17:53:10.0500 1584 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:53:10.0500 1584 drmkaud - ok
17:53:10.0515 1584 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:53:10.0515 1584 EapHost - ok
17:53:10.0562 1584 [ FD9FC82F134B1C91004FFC76A5AE494B ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys
17:53:10.0562 1584 ENTECH - ok
17:53:10.0625 1584 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:53:10.0625 1584 ERSvc - ok
17:53:10.0625 1584 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:53:10.0640 1584 Eventlog - ok
17:53:10.0687 1584 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:53:10.0703 1584 EventSystem - ok
17:53:10.0765 1584 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:53:10.0765 1584 Fastfat - ok
17:53:10.0812 1584 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:53:10.0812 1584 FastUserSwitchingCompatibility - ok
17:53:10.0828 1584 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:53:10.0828 1584 Fdc - ok
17:53:10.0859 1584 [ 5FAA391F5B4CD2C38BE7CA270E13B444 ] FET5X86V C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
17:53:10.0859 1584 FET5X86V - ok
17:53:10.0890 1584 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
17:53:10.0890 1584 FETNDIS - ok
17:53:10.0906 1584 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:53:10.0906 1584 Fips - ok
17:53:10.0968 1584 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:53:10.0984 1584 FLEXnet Licensing Service - ok
17:53:11.0046 1584 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:53:11.0046 1584 Flpydisk - ok
17:53:11.0062 1584 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:53:11.0078 1584 FltMgr - ok
17:53:11.0187 1584 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:53:11.0187 1584 FontCache3.0.0.0 - ok
17:53:11.0187 1584 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:53:11.0187 1584 Fs_Rec - ok
17:53:11.0187 1584 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:53:11.0187 1584 Ftdisk - ok
17:53:11.0203 1584 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:53:11.0203 1584 gameenum - ok
17:53:11.0281 1584 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:53:11.0281 1584 GEARAspiWDM - ok
17:53:11.0296 1584 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
17:53:11.0296 1584 giveio - ok
17:53:11.0328 1584 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:53:11.0328 1584 Gpc - ok
17:53:11.0343 1584 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:53:11.0343 1584 HDAudBus - ok
17:53:11.0453 1584 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:53:11.0453 1584 helpsvc - ok
17:53:11.0500 1584 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:53:11.0500 1584 HidServ - ok
17:53:11.0562 1584 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:53:11.0562 1584 HidUsb - ok
17:53:11.0609 1584 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:53:11.0609 1584 hkmsvc - ok
17:53:11.0609 1584 hpn - ok
17:53:11.0734 1584 hpqcxs08 - ok
17:53:11.0781 1584 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:53:11.0781 1584 hpqddsvc - ok
17:53:11.0843 1584 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:53:11.0843 1584 HPZid412 - ok
17:53:11.0859 1584 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:53:11.0859 1584 HPZipr12 - ok
17:53:11.0875 1584 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:53:11.0875 1584 HPZius12 - ok
17:53:11.0921 1584 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:53:11.0937 1584 HTTP - ok
17:53:11.0984 1584 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:53:11.0984 1584 HTTPFilter - ok
17:53:11.0984 1584 i2omgmt - ok
17:53:12.0000 1584 i2omp - ok
17:53:12.0046 1584 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:53:12.0046 1584 i8042prt - ok
17:53:12.0109 1584 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:53:12.0125 1584 idsvc - ok
17:53:12.0187 1584 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:53:12.0187 1584 Imapi - ok
17:53:12.0250 1584 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:53:12.0250 1584 ImapiService - ok
17:53:12.0265 1584 ini910u - ok
17:53:12.0453 1584 [ 921F2452A8D3A10083DDD824FC8C267F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:53:12.0578 1584 IntcAzAudAddService - ok
17:53:21.0000 1584 ============================================================
17:53:21.0000 1584 Scan finished
17:53:21.0000 1584 ============================================================
17:53:21.0000 2328 Detected object count: 0
17:53:21.0000 2328 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 00:49:49
-----------------------------
00:49:49.548 OS Version: Windows 5.1.2600 Service Pack 3
00:49:49.548 Number of processors: 2 586 0x1706
00:49:49.548 ComputerName: JBOY UserName:
00:49:50.517 Initialize success
00:50:12.751 AVAST engine defs: 12091201
00:50:14.595 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
00:50:14.595 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
00:50:14.611 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
00:50:14.611 Disk 1 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152627MB BusType: 3
00:50:14.611 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
00:50:14.611 Disk 2 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
00:50:14.658 Disk 1 MBR read successfully
00:50:14.658 Disk 1 MBR scan
00:50:14.798 Disk 1 Windows XP default MBR code
00:50:14.829 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
00:50:14.861 Disk 1 scanning sectors +312560640
00:50:15.095 Disk 1 scanning C:\WINDOWS\system32\drivers
00:51:04.283 Service scanning
00:51:29.173 Modules scanning
00:51:38.173 Disk 1 trace - called modules:
00:51:38.189 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
00:51:38.204 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b298ab8]
00:51:38.204 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8b27b9e8]
00:51:38.204 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8b2c8940]
00:51:39.486 AVAST engine scan C:\WINDOWS
00:51:48.111 AVAST engine scan C:\WINDOWS\system32
00:52:21.298 File: C:\WINDOWS\system32\iDbvGTT.exe **INFECTED** Win32:Trojan-gen
00:54:04.533 AVAST engine scan C:\WINDOWS\system32\drivers
00:54:23.033 AVAST engine scan C:\Documents and Settings\Jonathan
01:03:44.876 AVAST engine scan C:\Documents and Settings\All Users
01:04:58.126 Scan finished successfully
01:05:27.564 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\MBR.dat"
01:05:27.564 The log file has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 17:54:20
-----------------------------
17:54:20.250 OS Version: Windows 5.1.2600 Service Pack 3
17:54:20.250 Number of processors: 2 586 0x1706
17:54:20.250 ComputerName: JBOY UserName:
17:54:21.250 Initialize success
17:56:21.843 AVAST engine defs: 12091301
17:56:23.734 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
17:56:23.734 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
17:56:23.734 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
17:56:23.734 Disk 1 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152627MB BusType: 3
17:56:23.734 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
17:56:23.734 Disk 2 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
17:56:23.750 Disk 1 MBR read successfully
17:56:23.750 Disk 1 MBR scan
17:56:23.796 Disk 1 Windows XP default MBR code
17:56:23.796 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
17:56:23.796 Disk 1 scanning sectors +312560640
17:56:23.875 Disk 1 scanning C:\WINDOWS\system32\drivers
17:56:36.187 Service scanning
17:56:54.218 Modules scanning
17:57:00.562 Disk 1 trace - called modules:
17:57:00.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:57:00.578 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b2c9ab8]
17:57:00.578 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8b2fb9e8]
17:57:00.578 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8b2cbd98]
17:57:00.906 AVAST engine scan C:\WINDOWS
17:57:11.031 AVAST engine scan C:\WINDOWS\system32
17:58:48.812 File: C:\WINDOWS\system32\xXfmCVM.exe **INFECTED** Win32:Trojan-gen
17:59:16.609 AVAST engine scan C:\WINDOWS\system32\drivers
17:59:33.000 AVAST engine scan C:\Documents and Settings\Jonathan
18:04:35.156 AVAST engine scan C:\Documents and Settings\All Users
18:05:48.140 Scan finished successfully
18:07:12.687 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\MBR.dat"
18:07:12.718 The log file has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 14 September 2012 - 01:25 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\WINDOWS\system32\iDbvGTT.exe
C:\WINDOWS\system32\xXfmCVM.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts

Posted 14 September 2012 - 03:28 AM

ComboFix 12-09-13.03 - Jonathan 09/14/2012 3:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2329 [GMT -5:00]
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jonathan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\iDbvGTT.exe"
"c:\windows\system32\xXfmCVM.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jonathan\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Jonathan\Local Settings\Temp\sfareca00001.dll
c:\program files\Internet Explorer\SETA80.tmp
c:\program files\Internet Explorer\SETA85.tmp
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\SET98D.tmp
c:\windows\system32\SET98E.tmp
c:\windows\system32\SET98F.tmp
c:\windows\system32\SETA3F.tmp
c:\windows\system32\SETA9B.tmp
c:\windows\system32\SETA9C.tmp
c:\windows\system32\SETA9D.tmp
c:\windows\system32\SETA9E.tmp
c:\windows\system32\SETA9F.tmp
c:\windows\system32\SETAA0.tmp
c:\windows\system32\SETAA2.tmp
c:\windows\system32\SETAA6.tmp
c:\windows\system32\SETAA7.tmp
c:\windows\system32\SETAA8.tmp
c:\windows\system32\SETAA9.tmp
c:\windows\system32\SETAAA.tmp
c:\windows\system32\SETAAE.tmp
c:\windows\system32\SETAB0.tmp
c:\windows\system32\SETAB2.tmp
c:\windows\system32\SETAB3.tmp
c:\windows\system32\SETAB5.tmp
c:\windows\system32\SETAB7.tmp
c:\windows\system32\SETAB8.tmp
c:\windows\system32\SETABD.tmp
c:\windows\system32\SETABE.tmp
c:\windows\system32\SETAC1.tmp
c:\windows\system32\SETAC3.tmp
c:\windows\system32\SETAC4.tmp
c:\windows\system32\SETAC5.tmp
c:\windows\system32\SETAC9.tmp
c:\windows\system32\SETACA.tmp
c:\windows\system32\SETACD.tmp
c:\windows\system32\SETACE.tmp
c:\windows\system32\SETACF.tmp
c:\windows\system32\SETB71.tmp
c:\windows\system32\SETB72.tmp
c:\windows\system32\SETB73.tmp
c:\windows\system32\SETB77.tmp
c:\windows\system32\SETB78.tmp
c:\windows\system32\SETB79.tmp
c:\windows\system32\SETB7D.tmp
c:\windows\system32\SETB7F.tmp
c:\windows\system32\xXfmCVM.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))
.
.
2012-09-14 08:12 . 2012-09-14 08:12 54272 ----a-w- c:\windows\system32\WwYNcMX.exe
2012-09-14 07:48 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-14 07:47 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-09-14 07:47 . 2012-07-02 17:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-09-14 07:47 . 2012-07-02 17:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-09-14 07:47 . 2012-07-02 17:49 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-09-14 07:45 . 2012-09-14 07:47 -------- dc-h--w- c:\windows\ie8
2012-09-14 03:57 . 2012-09-14 04:13 -------- d-----w- c:\windows\LastGood.Tmp
2012-09-14 03:57 . 2012-06-02 20:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-09-14 03:57 . 2012-06-02 20:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-09-14 03:01 . 2012-09-14 03:01 -------- d-----w- c:\program files\Common Files\Java
2012-09-14 03:01 . 2012-09-14 03:01 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-14 03:01 . 2012-09-14 03:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-14 00:46 . 2012-09-14 00:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-13 11:12 . 2012-09-13 11:12 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86852981-8B19-4DC7-93E9-127F97E1841C}\offreg.dll
2012-09-13 11:10 . 2012-08-23 05:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86852981-8B19-4DC7-93E9-127F97E1841C}\mpengine.dll
2012-09-13 11:10 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-13 11:08 . 2012-09-13 11:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-13 09:38 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-09-13 09:37 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-09-13 09:37 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-13 09:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-13 07:17 . 2012-09-13 07:17 -------- d-----w- C:\_OTM
2012-09-13 06:05 . 2012-09-13 06:05 -------- d-----w- c:\program files\ESET
2012-09-13 04:47 . 2012-09-13 07:26 -------- d-----w- C:\MGtools
2012-09-13 04:42 . 2012-09-13 04:42 -------- d-----w- c:\program files\HitmanPro
2012-09-13 04:41 . 2012-09-13 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-09-07 00:43 . 2012-09-13 04:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-06 22:07 . 2012-09-06 22:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-08-28 22:27 . 2012-08-28 22:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 16:36 . 2012-08-21 16:36 -------- d-----w- c:\program files\iPod
2012-08-21 16:36 . 2012-08-21 16:36 -------- d-----w- c:\program files\Bonjour
2012-08-18 11:11 . 2012-08-18 11:11 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\MathematicaPlayer
2012-08-18 11:11 . 2012-08-18 11:11 -------- d-----w- c:\documents and settings\Jonathan\Application Data\MathematicaPlayer
2012-08-18 11:05 . 2012-08-18 11:05 -------- d-----w- c:\program files\Common Files\Wolfram Research
2012-08-18 11:05 . 2012-08-18 11:05 -------- d-----w- c:\program files\Common Files\ResearchSoft
2012-08-18 11:05 . 2012-08-18 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Mathematica
2012-08-18 11:04 . 2011-10-03 23:45 334352 ----a-w- c:\windows\system32\mltcpip32.mlp
2012-08-18 11:04 . 2011-10-03 23:45 93712 ----a-w- c:\windows\system32\mltcp32.mlp
2012-08-18 11:04 . 2011-10-03 23:45 88080 ----a-w- c:\windows\system32\mlshm32.mlp
2012-08-18 11:04 . 2011-10-03 23:45 163344 ----a-w- c:\windows\system32\mlmodule32.dll
2012-08-18 11:04 . 2011-10-03 23:45 79376 ----a-w- c:\windows\system32\mlmap32.mlp
2012-08-18 11:04 . 2011-10-03 23:45 370704 ----a-w- c:\windows\system32\ml32i3.dll
2012-08-18 11:04 . 2011-10-03 23:45 260112 ----a-w- c:\windows\system32\ml32i2.dll
2012-08-18 11:04 . 2011-10-03 23:45 253968 ----a-w- c:\windows\system32\ml32i1.dll
2012-08-18 11:04 . 2012-08-18 11:04 -------- d-----w- c:\program files\Wolfram Research
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 03:01 . 2012-08-10 15:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-14 03:01 . 2010-07-19 18:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 07:26 . 2012-09-13 04:47 719504 ----a-w- C:\MGlogs.zip
2012-09-13 04:12 . 2010-09-12 20:36 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-09-07 22:04 . 2011-02-15 21:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 15:01 . 2004-08-04 04:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-08-28 22:32 . 2011-05-18 18:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-04 05:56 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-11-07 13:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 15:07 . 2004-08-04 05:56 832512 ------w- c:\windows\system32\wininet.dll
2012-07-03 15:07 . 2004-08-04 05:56 17408 ------w- c:\windows\system32\corpol.dll
2012-07-03 13:40 . 2004-08-04 04:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2004-08-04 05:56 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2004-08-04 03:59 385024 ------w- c:\windows\system32\html.iec
2012-09-06 01:27 . 2012-09-14 00:46 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-13_22.27.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-09-14 08:15 . 2012-09-14 08:15 16384 c:\windows\temp\Perflib_Perfdata_278.dat
+ 2008-11-07 14:17 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-11-07 15:55 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2006-06-28 23:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 23:59 . 2006-06-28 23:59 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 25600 c:\windows\system32\jsproxy.dll
+ 2007-08-14 00:39 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
- 2006-06-29 14:05 . 2006-06-29 14:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 14:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
+ 2004-08-04 05:56 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2001-08-23 12:00 . 2011-09-26 16:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
- 2004-08-04 05:56 . 2007-08-14 00:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 05:56 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 05:56 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2004-08-04 05:56 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-11-07 16:03 . 2012-07-02 17:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 05:56 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 05:56 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-04 05:56 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 05:56 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2008-11-07 16:03 . 2009-03-08 09:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2008-11-07 13:26 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2004-08-04 05:56 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 05:56 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2012-09-14 07:37 . 2012-09-14 07:37 19968 c:\windows\Installer\1f0702c.msi
+ 2011-10-31 07:07 . 2012-09-14 07:49 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-07-04 14:48 . 2012-09-14 07:29 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-07-04 14:48 . 2012-05-05 22:32 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-09-14 07:47 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2012-09-14 07:47 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2012-09-14 07:47 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-09-14 07:48 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-09-14 07:48 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-09-14 07:46 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 44544 c:\windows\ie8\pngfilt.dll
+ 2012-09-14 07:45 . 2007-08-14 00:01 48128 c:\windows\ie8\mshtmler.dll
+ 2012-09-14 07:45 . 2007-08-14 00:32 45568 c:\windows\ie8\mshta.exe
+ 2012-09-14 07:45 . 2007-08-14 00:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2012-09-14 07:45 . 2012-07-03 15:07 52224 c:\windows\ie8\msfeedsbs.dll
+ 2012-09-14 07:45 . 2007-08-14 00:44 40960 c:\windows\ie8\licmgr10.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 27648 c:\windows\ie8\jsproxy.dll
+ 2012-09-14 07:45 . 2007-08-14 00:39 92672 c:\windows\ie8\inseng.dll
+ 2012-09-14 07:45 . 2007-08-14 00:36 36352 c:\windows\ie8\imgutil.dll
+ 2012-09-14 07:45 . 2007-08-14 00:39 55296 c:\windows\ie8\iesetup.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 44544 c:\windows\ie8\iernonce.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 78336 c:\windows\ie8\ieencode.dll
+ 2012-09-14 07:45 . 2012-07-03 12:18 70656 c:\windows\ie8\ie4uinit.exe
+ 2012-09-14 07:45 . 2012-07-03 15:07 63488 c:\windows\ie8\icardie.dll
+ 2012-09-14 07:45 . 2007-08-14 00:18 60416 c:\windows\ie8\hmmapi.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 17408 c:\windows\ie8\corpol.dll
+ 2012-09-14 07:45 . 2007-08-14 00:39 71680 c:\windows\ie8\admparse.dll
+ 2012-09-14 07:47 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
+ 2012-04-06 04:13 . 2012-04-06 04:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
- 2008-11-07 16:01 . 2008-04-14 10:42 121856 c:\windows\system32\xmllite.dll
+ 2008-11-07 16:01 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 206848 c:\windows\system32\occache.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 611840 c:\windows\system32\mstime.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-04 05:56 . 2012-05-14 09:22 345600 c:\windows\system32\localspl.dll
- 2004-08-04 05:56 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2012-09-14 03:01 . 2012-09-14 03:01 246760 c:\windows\system32\javaws.exe
+ 2012-09-14 03:01 . 2012-09-14 03:01 174056 c:\windows\system32\javaw.exe
+ 2012-09-14 03:01 . 2012-09-14 03:01 174056 c:\windows\system32\java.exe
+ 2008-11-07 13:26 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2008-11-07 13:26 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 05:56 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe
- 2008-11-07 09:01 . 2012-09-13 21:26 165912 c:\windows\system32\FNTCACHE.DAT
+ 2008-11-07 09:01 . 2012-09-14 08:14 165912 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 05:56 . 2012-07-02 17:49 916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 05:56 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2008-11-07 13:26 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2004-08-04 05:56 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2001-08-23 12:00 . 2011-09-26 16:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 05:56 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2001-08-23 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2001-08-23 12:00 . 2007-08-14 00:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-11-07 16:03 . 2012-07-02 17:49 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-05-07 15:32 . 2012-05-14 09:22 345600 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-04 05:56 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-11-07 15:55 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-11-07 15:55 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-11-07 13:26 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 05:56 . 2012-07-02 17:49 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-11-07 16:03 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 05:56 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 05:56 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 05:56 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 05:56 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 05:56 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 05:56 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2012-09-14 03:01 . 2012-09-14 03:01 176128 c:\windows\Installer\fa0918.msi
+ 2012-09-14 03:01 . 2012-09-14 03:01 873984 c:\windows\Installer\fa0911.msi
+ 2012-07-18 20:46 . 2012-07-18 20:46 593408 c:\windows\Installer\1f06fc5.msp
+ 2011-09-15 23:43 . 2011-09-15 23:43 976384 c:\windows\Installer\1f06f68.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 677376 c:\windows\Installer\1f06f56.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 675328 c:\windows\Installer\1f06f29.msp
+ 2011-09-16 00:29 . 2011-09-16 00:29 967168 c:\windows\Installer\1f06ef2.msp
+ 2011-09-16 00:27 . 2011-09-16 00:27 967168 c:\windows\Installer\1f06ebd.msp
+ 2011-09-16 00:27 . 2011-09-16 00:27 967168 c:\windows\Installer\1f06eaa.msp
+ 2011-09-16 00:26 . 2011-09-16 00:26 967168 c:\windows\Installer\1f06e98.msp
+ 2011-09-16 00:25 . 2011-09-16 00:25 967168 c:\windows\Installer\1f06e90.msp
+ 2011-09-15 23:38 . 2011-09-15 23:38 675328 c:\windows\Installer\1f06e7c.msp
+ 2011-09-15 23:38 . 2011-09-15 23:38 994304 c:\windows\Installer\1f06e73.msp
+ 2011-09-15 23:36 . 2011-09-15 23:36 675328 c:\windows\Installer\1f06e3b.msp
+ 2011-09-16 00:23 . 2011-09-16 00:23 967168 c:\windows\Installer\1f06e18.msp
+ 2011-09-16 00:25 . 2011-09-16 00:25 967168 c:\windows\Installer\1f06ddd.msp
+ 2012-09-14 07:31 . 2012-09-14 07:31 467456 c:\windows\Installer\1f06cfb.msi
+ 2011-10-31 07:07 . 2012-09-14 07:49 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-09-16 01:41 . 2011-09-16 01:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2011-05-31 20:58 . 2011-05-31 20:58 521080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\POWERPNT.EXE
+ 2012-09-14 07:47 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2012-09-14 07:47 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2012-09-14 07:47 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2012-09-14 07:47 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2012-09-14 07:47 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2012-09-14 07:47 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2012-09-14 07:47 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2012-09-14 07:47 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2012-09-14 07:47 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2012-09-14 07:47 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2012-09-14 07:47 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2012-09-14 07:48 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-09-14 07:48 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-09-14 07:48 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-09-14 07:48 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-09-14 07:48 . 2009-03-08 09:35 521216 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-09-14 07:48 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
+ 2012-09-14 07:48 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-09-14 07:48 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-09-14 07:48 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-09-14 07:48 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-09-14 07:48 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-09-14 07:48 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-09-14 07:47 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2012-09-14 07:47 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2012-09-14 07:45 . 2012-07-03 15:07 832512 c:\windows\ie8\wininet.dll
+ 2012-09-14 07:45 . 2007-08-14 00:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2012-09-14 07:45 . 2012-07-03 15:07 233472 c:\windows\ie8\webcheck.dll
+ 2012-09-14 07:45 . 2011-04-30 08:50 766464 c:\windows\ie8\vgx.dll
+ 2012-09-14 07:45 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 106496 c:\windows\ie8\url.dll
+ 2012-09-14 07:46 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2012-09-14 07:46 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2012-09-14 07:45 . 2006-09-06 23:43 213216 c:\windows\ie8\spuninst.exe
+ 2012-09-14 07:45 . 2012-07-03 15:07 102912 c:\windows\ie8\occache.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 671232 c:\windows\ie8\mstime.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 193024 c:\windows\ie8\msrating.dll
+ 2012-09-14 07:45 . 2007-08-14 00:54 156160 c:\windows\ie8\msls31.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 479744 c:\windows\ie8\mshtmled.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 496128 c:\windows\ie8\msfeeds.dll
+ 2012-09-14 07:45 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2012-09-14 07:45 . 2012-07-03 10:57 634488 c:\windows\ie8\iexplore.exe
+ 2012-09-14 07:45 . 2007-08-14 00:54 180736 c:\windows\ie8\ieui.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 268288 c:\windows\ie8\iertutil.dll
+ 2012-09-14 07:45 . 2007-08-14 00:54 287744 c:\windows\ie8\ieproxy.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 192512 c:\windows\ie8\iepeers.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 384512 c:\windows\ie8\iedkcs32.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 380928 c:\windows\ie8\ieapfltr.dll
+ 2012-09-14 07:45 . 2012-07-03 10:56 161792 c:\windows\ie8\ieakui.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 230400 c:\windows\ie8\ieaksie.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 153088 c:\windows\ie8\ieakeng.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 214528 c:\windows\ie8\dxtrans.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 347136 c:\windows\ie8\dxtmsft.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 124928 c:\windows\ie8\advpack.dll
+ 2012-09-13 09:40 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2004-08-04 04:18 . 2012-05-04 13:16 2148352 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 04:18 . 2012-04-11 13:14 2148352 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2012-05-04 12:32 2026496 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:59 . 2012-04-11 12:35 2026496 c:\windows\system32\ntkrnlpa.exe
+ 2011-07-20 10:12 . 2011-07-20 10:12 1188720 c:\windows\system32\IMJP12K.DLL
+ 2008-11-07 14:28 . 2012-07-03 13:40 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 05:56 . 2012-07-02 17:49 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
- 2009-04-16 17:25 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-16 17:25 . 2012-05-04 13:12 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-16 17:25 . 2012-05-04 12:32 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-16 17:25 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-05-04 12:32 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-08 00:02 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-16 17:25 . 2012-05-04 13:16 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-04-16 17:25 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 05:56 . 2012-07-02 17:49 6008320 c:\windows\system32\dllcache\mshtml.dll
+ 2008-11-07 16:03 . 2012-07-02 17:49 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2008-11-07 16:03 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2012-08-30 08:06 . 2012-08-30 08:06 5007872 c:\windows\Installer\1f070f9.msp
+ 2012-06-26 23:03 . 2012-06-26 23:03 3875840 c:\windows\Installer\1f070e1.msp
+ 2012-04-05 03:38 . 2012-04-05 03:38 2831360 c:\windows\Installer\1f070c9.msp
+ 2012-04-29 02:44 . 2012-04-29 02:44 9101824 c:\windows\Installer\1f070b2.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 4250112 c:\windows\Installer\1f07092.msp
+ 2012-05-30 12:18 . 2012-05-30 12:18 1739264 c:\windows\Installer\1f07063.msp
+ 2012-06-19 17:54 . 2012-06-19 17:54 2239488 c:\windows\Installer\1f0705b.msp
+ 2012-04-29 02:44 . 2012-04-29 02:44 9586176 c:\windows\Installer\1f07044.msp
+ 2012-04-05 03:38 . 2012-04-05 03:38 3620864 c:\windows\Installer\1f0700c.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2247168 c:\windows\Installer\1f06ff4.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 1169920 c:\windows\Installer\1f06fdc.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 4225536 c:\windows\Installer\1f06fae.msp
+ 2012-03-15 07:24 . 2012-03-15 07:24 1795584 c:\windows\Installer\1f06f97.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\1f06f80.msp
+ 2011-09-15 23:42 . 2011-09-15 23:42 1204736 c:\windows\Installer\1f06f60.msp
+ 2011-09-16 00:31 . 2011-09-16 00:31 1287680 c:\windows\Installer\1f06f4d.msp
+ 2011-09-16 00:33 . 2011-09-16 00:33 2032128 c:\windows\Installer\1f06f45.msp
+ 2011-09-15 23:41 . 2011-09-15 23:41 1204736 c:\windows\Installer\1f06f3c.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 2126336 c:\windows\Installer\1f06f33.msp
+ 2011-09-16 00:26 . 2011-09-16 00:26 1287680 c:\windows\Installer\1f06f20.msp
+ 2011-09-16 00:29 . 2011-09-16 00:29 1706496 c:\windows\Installer\1f06f18.msp
+ 2011-09-16 00:31 . 2011-09-16 00:31 1354752 c:\windows\Installer\1f06f0e.msp
+ 2011-09-16 00:29 . 2011-09-16 00:29 1287680 c:\windows\Installer\1f06f04.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 3636224 c:\windows\Installer\1f06efc.msp
+ 2011-09-15 23:44 . 2011-09-15 23:44 3571200 c:\windows\Installer\1f06eea.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 5079552 c:\windows\Installer\1f06ede.msp
+ 2011-09-16 00:26 . 2011-09-16 00:26 1923584 c:\windows\Installer\1f06ed0.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 1644032 c:\windows\Installer\1f06ec7.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 4760064 c:\windows\Installer\1f06eb5.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 1594880 c:\windows\Installer\1f06ea2.msp
+ 2011-09-15 23:39 . 2011-09-15 23:39 2116096 c:\windows\Installer\1f06e88.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 3554816 c:\windows\Installer\1f06e6b.msp
+ 2011-09-16 00:28 . 2011-09-16 00:28 2756608 c:\windows\Installer\1f06e60.msp
+ 2011-09-16 00:27 . 2011-09-16 00:27 1608704 c:\windows\Installer\1f06e56.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 1140736 c:\windows\Installer\1f06e4e.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 1060352 c:\windows\Installer\1f06e44.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 1388032 c:\windows\Installer\1f06e32.msp
+ 2011-09-16 00:24 . 2011-09-16 00:24 1579008 c:\windows\Installer\1f06e29.msp
+ 2011-09-15 23:39 . 2011-09-15 23:39 1287680 c:\windows\Installer\1f06e20.msp
+ 2011-09-16 00:21 . 2011-09-16 00:21 1489408 c:\windows\Installer\1f06e10.msp
+ 2011-09-15 23:36 . 2011-09-15 23:36 3009024 c:\windows\Installer\1f06dfa.msp
+ 2011-09-16 00:26 . 2011-09-16 00:26 2681344 c:\windows\Installer\1f06df0.msp
+ 2011-09-15 23:35 . 2011-09-15 23:35 1633280 c:\windows\Installer\1f06de7.msp
+ 2011-09-15 23:35 . 2011-09-15 23:35 1833984 c:\windows\Installer\1f06dd5.msp
+ 2011-09-15 23:43 . 2011-09-15 23:43 9497088 c:\windows\Installer\1f06dc9.msp
+ 2011-09-15 23:41 . 2011-09-15 23:41 9158144 c:\windows\Installer\1f06db4.msp
+ 2011-09-15 23:39 . 2011-09-15 23:39 8664576 c:\windows\Installer\1f06da1.msp
+ 2012-04-05 03:37 . 2012-04-05 03:37 2540544 c:\windows\Installer\1f06d59.msp
+ 2012-04-29 02:43 . 2012-04-29 02:43 8459264 c:\windows\Installer\1f06d41.msp
+ 2012-02-17 13:45 . 2012-02-17 13:45 2299392 c:\windows\Installer\1f06d29.msp
+ 2012-04-05 03:37 . 2012-04-05 03:37 3149824 c:\windows\Installer\1f06cdc.msp
+ 2011-10-31 07:07 . 2012-09-14 07:49 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-31 07:07 . 2012-01-26 05:43 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-10-31 07:07 . 2012-09-14 07:49 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-05-31 22:24 . 2011-05-31 22:24 2014592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PPTVIEW.EXE
+ 2011-07-27 09:44 . 2011-07-27 09:44 8494968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PPCORE.DLL
+ 2011-07-07 07:58 . 2011-07-07 07:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-07-27 10:09 . 2011-07-27 10:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2012-09-14 07:47 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2012-09-14 07:47 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2012-09-14 07:47 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 1168896 c:\windows\ie8\urlmon.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 3618816 c:\windows\ie8\mshtml.dll
+ 2012-09-14 07:45 . 2012-07-03 15:07 6105088 c:\windows\ie8\ieframe.dll
+ 2012-09-14 07:45 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
- 2009-04-16 17:25 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-16 17:25 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-16 17:25 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-16 17:25 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-08 00:02 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-16 17:25 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-16 17:25 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-11-07 16:03 . 2012-07-03 04:19 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-04-06 07:12 . 2012-04-06 07:12 15709696 c:\windows\Installer\1f0709b.msp
+ 2012-05-30 12:18 . 2012-05-30 12:18 11885056 c:\windows\Installer\1f0707a.msp
+ 2012-07-25 21:59 . 2012-07-25 21:59 11032064 c:\windows\Installer\1f07024.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 14140416 c:\windows\Installer\1f06e07.msp
+ 2011-09-15 23:38 . 2011-09-15 23:38 42583040 c:\windows\Installer\1f06d91.msp
+ 2012-07-18 20:53 . 2012-07-18 20:53 10937344 c:\windows\Installer\1f06d12.msp
+ 2012-09-14 07:28 . 2012-09-14 07:28 20343808 c:\windows\Installer\1f06ce9.msp
+ 2012-01-26 05:55 . 2012-01-26 05:55 15145832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\XL12CNV.EXE
+ 2011-09-16 01:42 . 2011-09-16 01:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2011-08-04 00:53 . 2011-08-04 00:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-09-14 07:47 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2012-09-14 07:48 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
+ 2012-09-14 07:48 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sysinternals Process Explorer"="c:\documents and settings\Jonathan\Desktop\My Stuff\Shortcuts\procexp.exe" [2008-08-06 3520552]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2008-08-19 3562496]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-22 1134592]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-21 2923192]
"Torrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-07 270128]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2008-01-15 694040]
"WwYNcMX"="c:\windows\system32\WwYNcMX.exe" [2012-09-14 54272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-05-31 63856]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
allSnap.lnk - c:\program files\allSnap\allSnap.exe [2008-11-7 90112]
FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2007-2-12 1111552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp12.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RBTray"=c:\program files\RBTray\RBTray.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [10/2/2009 11:57 PM 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [10/3/2009 12:15 AM 123712]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/7/2008 9:51 AM 47360]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/28/2012 5:27 PM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/2/2009 11:59 PM 1691480]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/13/2012 7:46 PM 114144]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [8/24/2006 5:44 AM 477696]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP111
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
TMKEmu
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 22:32]
.
2012-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-09-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{418073D1-D593-4088-99A9-348C2012D6A6}: NameServer = 68.105.28.11,68.105.29.11
TCP: Interfaces\{5D4F83CE-F388-4DD0-B6B9-668AA635FA6A}: NameServer = 8.8.8.8,68.105.28.11,68.105.29.11
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-14 03:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-2077806209-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1229272821-2077806209-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:a8,a8,0e,5c,78,74,d9,e2,87,2b,c8,2e,f9,68,ba,54,4f,99,94,3e,d3,
45,62,d8,65,2f,02,58,7a,86,ee,c9,61,bd,b9,d3,8c,ea,5e,44,b2,e5,45,be,d3,63,\
"rkeysecu"=hex:6b,e1,ff,58,a1,78,d0,5c,6c,d3,c9,98,87,56,0a,b6
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\wininet.dll
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
c:\program files\Stardock\Object Desktop\IconPackager\shellext.dll
c:\program files\Atomic Alarm Clock\Clock.dll
c:\program files\allSnap\snap_libW.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'csrss.exe'(828)
c:\windows\system32\wininet.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-09-14 03:23:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-14 08:23
ComboFix2.txt 2012-09-13 22:34
.
Pre-Run: 44,455,989,248 bytes free
Post-Run: 44,591,079,424 bytes free
.
- - End Of File - - 714D0C265B050AD1E23D212E5E6E8553

Alright...there were some errors this time after Combofix did the reboot. It gave me 3 different errors.
ie4uinit.exe Ordinal Not Found - The ordinal 654 could not be located in the dynamic link library iertutil.dll.
rundll32.exe Ordinal Not Found - The ordinal 672 could not be located in the dynamic link library iertutil.dll.
RUNDLL - Error loading C:\WINDOWS\system32\iedkcs32.dll. The operating system cannot run %1.


As far as how the computer is doing...there is still an exe in system32, WwYNcMX.exe. When visiting Amazon.com, I am still prompted with a phishing page that won't let me access the real page. Same for my online banking sites.
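Two things in the ComboFix log above are what a responder would pull out first: the `Run` entry `"WwYNcMX"="c:\windows\system32\WwYNcMX.exe" [2012-09-14 54272]` (random letters, bare .exe in system32, written the day of the scan, tiny) and `wininet.dll` listed under `winlogon.exe`, `lsass.exe` and `csrss.exe` in "DLLs Loaded Under Running Processes", processes that have no legitimate reason to load the WinINet HTTP client library and which ComboFix reports for exactly that reason. The script below is an added example, not part of this thread and not ComboFix code: it parses those two sections of a ComboFix-style log and applies both heuristics. The sample log embedded in it is constructed from lines of the post above; the scoring thresholds, the core-process list and the watched-module list are assumptions you would tune for your own environment.

```python
"""Triage heuristics over a ComboFix-style log: random-name autoruns and wininet.dll
injected into core processes. Added example, not ComboFix code; thresholds are assumptions."""
import re
from datetime import date, timedelta

# Constructed sample: lines taken from the ComboFix log posted above.
SAMPLE_LOG = r"""
Rootkit scan 2012-09-14 03:17
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2008-08-19 3562496]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2008-01-15 694040]
"WwYNcMX"="c:\windows\system32\WwYNcMX.exe" [2012-09-14 54272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
.
- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'csrss.exe'(828)
c:\windows\system32\wininet.dll
.
"""

SCAN_DATE_RE = re.compile(r"^Rootkit scan (\d{4}-\d{2}-\d{2})")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)
RUN_ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]')
PROC_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe", "services.exe"}  # assumption
SUSPECT_MODULES = {"wininet.dll"}  # HTTP client library; core processes do not need it (assumption)
VOWELS = set("aeiou")

def looks_random(stem):
    """Crude proxy for a generated name: letters only, almost no vowels, many case flips."""
    if not stem.isalpha() or len(stem) < 6:
        return False
    vowel_ratio = sum(c.lower() in VOWELS for c in stem) / len(stem)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return vowel_ratio <= 0.15 and flips >= 3

def score_run_entry(path, mtime, size, scan_date):
    """Return the list of weak signals that fire for one Run entry."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    low = path.lower()
    checks = [
        (looks_random(stem), "random-looking filename"),
        ("\\windows\\system32\\" in low and low.endswith(".exe"), "bare .exe in system32"),
        (scan_date - mtime <= timedelta(days=7), "written within 7 days of the scan"),
        (size < 200_000, "small binary (< 200 KB)"),
    ]
    return [why for hit, why in checks if hit]

def parse_log(text):
    """Return (scan_date, run_entries, proc_sections) from ComboFix-style text."""
    scan_date, runs, procs, key, proc = None, [], [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SCAN_DATE_RE.match(line):
            scan_date = date.fromisoformat(m[1])
        elif m := KEY_RE.match(line):
            key, proc = m[1], None
        elif m := PROC_RE.match(line):
            proc = (m[1], int(m[2]), [])
            procs.append(proc)
            key = None
        elif line in ("", "."):  # '.' closes a block in ComboFix output
            proc = None
        elif key and key.lower().endswith("\\run") and (m := RUN_ENTRY_RE.match(line)):
            runs.append((m[1], m[2], date.fromisoformat(m[3]), int(m[4])))  # disabled run- keys skipped
        elif proc is not None:
            proc[2].append(line)
    return scan_date, runs, procs

def triage(text, min_signals=3):
    """Flag Run entries with >= min_signals weak signals and suspect DLLs in core processes."""
    scan_date, runs, procs = parse_log(text)
    scan_date = scan_date or date.today()
    autoruns = []
    for name, path, mtime, size in runs:
        reasons = score_run_entry(path, mtime, size, scan_date)
        if len(reasons) >= min_signals:
            autoruns.append({"name": name, "path": path, "reasons": reasons})
    injections = [
        {"process": p, "pid": pid, "module": mod}
        for p, pid, mods in procs if p.lower() in CORE_PROCESSES
        for mod in mods if mod.rsplit("\\", 1)[-1].lower() in SUSPECT_MODULES
    ]
    return {"autoruns": autoruns, "injections": injections}

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        for hit in hits:
            print(kind, hit)
```

Run it on a saved ComboFix log by passing the file contents to `triage()`. Each autorun signal on its own is weak (`NvCpl.dll` lives in system32 too, and plenty of legitimate tools are small), which is why the score needs several of them together; the wininet.dll check is a much stronger single indicator, and a hit there is a reason to treat the box as compromised until the injecting component is found, regardless of what the autorun scan says.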

#10 jmillerdls
  • Topic Starter
  • Members
  • 53 posts

Posted 14 September 2012 - 12:41 PM

Not sure this is going to help, but I thought I would throw it out there just in case.

I did some more searching and found that there are others that are experiencing the same bizarre occurrences as me.

Most of the posts seem to be about eBay or Facebook, and that it comes up and says that it "Detected Suspicious Activity. Your Account has been Blocked". Then it asks you to fill out personal information (including credit card for eBay).

I experienced this with Amazon and both of my banking sites. You cannot access the site until you enter your information.

After looking through other threads, the only people that found a solution were those that were able to do a system restore to a point before they had it. This is not an option for me.

However, someone pointed out that they had this only in Firefox and Explorer, but not in Chrome.

So, I just tried Chrome out and sure enough, it doesn't happen. I can use those sites just fine in Chrome. If this can somehow lead to me fixing the problem, that would be spectacular since I'm always using Firefox and would like to keep it that way. Until then, I'll use Chrome and hope nothing bad is happening. I've spent several days doing things and the initial issues are still there and seem unfixable...which is incredibly sad. I'm willing to continue doing anything you suggest though. Hopefully this information can help to pinpoint the issue and eradicate it.

#11 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 14 September 2012 - 04:59 PM

Hello jmillerdls

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 jmillerdls
  • Topic Starter
  • Members
  • 53 posts

Posted 14 September 2012 - 05:18 PM

OTL logfile created on: 9/14/2012 5:03:54 PM - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Documents and Settings\Jonathan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.08% Memory free
4.84 Gb Paging File | 3.09 Gb Available in Paging File | 63.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 40.56 Gb Free Space | 27.21% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 0.60 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 32.26 Gb Free Space | 1.73% Space Free | Partition Type: NTFS

Computer Name: JBOY | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jonathan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - C:\Program Files\Java\jre7\bin\java.exe (Oracle Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\GRETECH\GomPlayer\GOM.exe (Gretech Corp.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Documents and Settings\Jonathan\Desktop\My Stuff\Shortcuts\procexp.exe (Sysinternals - www.sysinternals.com)
PRC - H:\Completed\Office2007_ThinApp\Office2007_ThinApp\Microsoft Office Excel 2007.exe (Microsoft Corporation)
PRC - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft Ltd)
PRC - C:\Program Files\allSnap\allSnap.exe (Ivan Heckman)
PRC - C:\Program Files\FastStone Capture\FSCapture.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Jonathan\Local Settings\temp\sfareca00001.dll ()
MOD - C:\Program Files\Java\jre7\bin\jp2native.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Program Files\GRETECH\GomPlayer\GAF.ax ()
MOD - C:\Program Files\GRETECH\GomPlayer\GVF.ax ()
MOD - C:\Program Files\GRETECH\GomPlayer\libavcodec.dll ()
MOD - C:\Program Files\GRETECH\GomPlayer\GRFU.ax ()
MOD - C:\Program Files\GRETECH\GomPlayer\GSFU.ax ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\GRETECH\GomPlayer\GomTVStrm.dll ()
MOD - C:\WINDOWS\system32\Execute.dll ()
MOD - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax ()
MOD - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_libmad.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Atomic Alarm Clock\Clock.dll ()
MOD - C:\Program Files\FastStone Capture\FSCapture.exe ()


========== Services (SafeList) ==========

SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\DOCUME~1\Jonathan\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Dynex )
DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (UltraMonMirror) -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys (Realtime Soft)
DRV - (UltraMonUtility) -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (ZD1211BU(SMC) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\..\SearchScopes\{A93C2C1D-0772-4519-A42B-B6B16D6BC641}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Webster"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: izer@camelcamelcamel.com:1.6
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: zoompage@DW-dev:4.3
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.1
FF - prefs.js..extensions.enabledAddons: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: clpics@eternicode.com:0.8.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: C:\Program Files\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/13 19:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/08 22:04:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{27A6247D-F87F-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\Jonathan\Local Settings\Application Data\{27A6247D-F87F-11E1-8270-B8AC6F996F26}\

[2012/09/13 19:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Extensions
[2012/09/14 04:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions
[2012/09/13 19:53:28 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/09/13 19:53:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/13 19:53:28 | 000,109,964 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/09/14 04:09:31 | 000,048,136 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\clpics@eternicode.com.xpi
[2012/09/13 19:53:28 | 000,090,150 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\craigslistpeek@tech4computer.xpi
[2012/09/13 19:50:52 | 000,003,901 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\easy.app.tabs@phob.net.xpi
[2012/09/13 19:51:10 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/09/13 19:53:28 | 000,058,906 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\izer@camelcamelcamel.com.xpi
[2012/09/13 19:53:28 | 000,330,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\personas@christopher.beard.xpi
[2012/09/13 19:53:28 | 000,042,674 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\zoompage@DW-dev.xpi
[2012/09/13 19:53:28 | 000,172,465 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2012/09/13 19:48:01 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/13 19:53:29 | 000,702,524 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/13 19:57:25 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\searchplugins\imdb.xml
[2012/09/13 19:56:06 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\searchplugins\webster.xml
[2012/09/13 19:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/21 08:04:11 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jonathan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/14 03:15:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [Torrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [Sysinternals Process Explorer] C:\Documents and Settings\Jonathan\Desktop\My Stuff\Shortcuts\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft Ltd)
O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [WwYNcMX] C:\WINDOWS\system32\WwYNcMX.exe ()
O4 - Startup: C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\allSnap.lnk = C:\Program Files\allSnap\allSnap.exe (Ivan Heckman)
O4 - Startup: C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{418073D1-D593-4088-99A9-348C2012D6A6}: NameServer = 68.105.28.11,68.105.29.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D4F83CE-F388-4DD0-B6B9-668AA635FA6A}: NameServer = 8.8.8.8,68.105.28.11,68.105.29.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jonathan\Local Settings\Application Data\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/07 08:28:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 17:01:53 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
[2012/09/14 12:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Google Chrome
[2012/09/14 12:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/14 02:48:18 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/09/14 02:47:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/09/14 02:47:13 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/09/14 02:45:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/09/13 23:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Desktop\Community
[2012/09/13 22:57:57 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/09/13 22:57:57 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/09/13 22:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/13 22:01:40 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/13 22:01:39 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/13 22:01:35 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/13 22:01:35 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/13 22:01:35 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/13 19:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/13 17:50:52 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
[2012/09/13 17:34:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/09/13 17:01:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/13 16:59:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/13 16:59:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/13 16:59:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/13 16:59:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/13 16:55:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/13 16:55:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/13 16:53:33 | 004,749,794 | R--- | C] (Swearware) -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
[2012/09/13 13:51:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jonathan\Desktop\dds.com
[2012/09/13 06:10:38 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/09/13 06:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/13 06:06:55 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jonathan\Desktop\mseinstall.exe
[2012/09/13 04:39:07 | 000,649,864 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Jonathan\Desktop\autoruns.exe
[2012/09/13 04:39:07 | 000,567,944 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Jonathan\Desktop\autorunsc.exe
[2012/09/13 04:38:12 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/09/13 04:37:32 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/09/13 04:37:27 | 001,632,160 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jonathan\Desktop\rkill.exe
[2012/09/13 04:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2012/09/13 02:17:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/13 02:16:12 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTM.exe
[2012/09/13 02:01:55 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Jonathan\Desktop\FSS.exe
[2012/09/13 02:01:44 | 000,751,391 | ---- | C] (Farbar) -- C:\Documents and Settings\Jonathan\Desktop\MiniToolBox.exe
[2012/09/13 01:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/13 00:41:11 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Jonathan\Desktop\esetsmartinstaller_enu.exe
[2012/09/13 00:40:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jonathan\Desktop\aswMBR.exe
[2012/09/12 23:47:07 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/09/12 23:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/09/12 23:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/09/12 23:41:26 | 007,758,424 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Jonathan\Desktop\HitmanPro36.exe
[2012/09/12 23:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Desktop\RK_Quarantine
[2012/09/12 22:52:08 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Jonathan\Desktop\GooredFix.exe
[2012/09/08 22:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/06 19:43:08 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/09/06 19:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/09/06 19:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/09/06 17:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2012/09/01 17:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Any Video Converter Ultimate 4.3.2 PortableAppZ
[2012/08/28 17:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2012/08/28 17:27:29 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/21 11:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/08/21 11:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/08/21 11:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/08/18 06:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\MathematicaPlayer
[2012/08/18 06:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Application Data\MathematicaPlayer
[2012/08/18 06:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MathematicaPlayer
[2012/08/18 06:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wolfram Research
[2012/08/18 06:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2012/08/18 06:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mathematica
[2012/08/18 06:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wolfram CDF Player
[2012/08/18 06:04:42 | 000,370,704 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i3.dll
[2012/08/18 06:04:42 | 000,334,352 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mltcpip32.mlp
[2012/08/18 06:04:42 | 000,260,112 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i2.dll
[2012/08/18 06:04:42 | 000,253,968 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i1.dll
[2012/08/18 06:04:42 | 000,163,344 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlmodule32.dll
[2012/08/18 06:04:42 | 000,093,712 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mltcp32.mlp
[2012/08/18 06:04:42 | 000,088,080 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlshm32.mlp
[2012/08/18 06:04:42 | 000,079,376 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlmap32.mlp
[2012/08/18 06:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfram Research
[2012/08/17 22:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Desktop\Business Law
[2012/08/17 22:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Desktop\Philosophy
[2012/08/17 22:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Desktop\English
[2012/08/17 22:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Desktop\Calculus
[2008/11/07 09:51:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jonathan\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/09/14 17:12:21 | 000,021,061 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\B00FF200
[2012/09/14 17:02:13 | 000,011,454 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\List.asx
[2012/09/14 17:01:52 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
[2012/09/14 16:35:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2077806209-682003330-1004UA.job
[2012/09/14 16:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/14 14:46:54 | 182,387,620 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\push.girls.s01e03.dsr.x264-2hd.mp4
[2012/09/14 13:55:31 | 000,221,184 | ---- | M] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/14 13:51:02 | 244,736,000 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Episodes.S01E02.BDRip.XviD-SAiNTS.avi
[2012/09/14 12:35:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2077806209-682003330-1004Core.job
[2012/09/14 12:30:52 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Google Chrome.lnk
[2012/09/14 12:30:52 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/14 10:49:36 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Jonathan\Application Data\AtomicAlarmClock.ini
[2012/09/14 10:49:35 | 000,001,389 | ---- | M] () -- C:\Documents and Settings\Jonathan\Application Data\alarms.ini
[2012/09/14 03:25:39 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/14 03:15:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/14 03:15:27 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/14 03:15:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/14 03:14:59 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/14 03:12:48 | 000,054,272 | ---- | M] () -- C:\WINDOWS\System32\WwYNcMX.exe
[2012/09/14 02:48:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/13 22:01:26 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/13 22:01:26 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/13 22:01:26 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/13 22:01:26 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/13 22:01:26 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/13 22:01:25 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/13 22:01:25 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/13 21:48:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/09/13 19:46:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/13 17:01:59 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2012/09/13 16:53:44 | 004,749,794 | R--- | M] (Swearware) -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
[2012/09/13 16:30:02 | 001,378,816 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\RogueKiller(1).exe
[2012/09/13 16:17:23 | 000,854,156 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\SecurityCheck.exe
[2012/09/13 13:51:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jonathan\Desktop\dds.com
[2012/09/13 13:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/13 06:09:45 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/13 06:07:49 | 000,433,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/13 06:07:49 | 000,067,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/13 06:07:01 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jonathan\Desktop\mseinstall.exe
[2012/09/13 04:38:53 | 000,540,921 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Autoruns.zip
[2012/09/13 04:37:28 | 001,632,160 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jonathan\Desktop\rkill.exe
[2012/09/13 04:31:06 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\ServicesRepair.exe
[2012/09/13 02:26:17 | 000,719,504 | ---- | M] () -- C:\MGlogs.zip
[2012/09/13 02:17:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\
[2012/09/13 02:16:11 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTM.exe
[2012/09/13 02:02:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/09/13 02:02:00 | 000,512,399 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\adwcleaner.exe
[2012/09/13 02:01:55 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Jonathan\Desktop\FSS.exe
[2012/09/13 02:01:43 | 000,751,391 | ---- | M] (Farbar) -- C:\Documents and Settings\Jonathan\Desktop\MiniToolBox.exe
[2012/09/13 00:41:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jonathan\Desktop\aswMBR.exe
[2012/09/13 00:41:17 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Jonathan\Desktop\esetsmartinstaller_enu.exe
[2012/09/12 23:41:46 | 007,758,424 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Jonathan\Desktop\HitmanPro36.exe
[2012/09/12 23:22:13 | 001,670,468 | ---- | M] () -- C:\MGtools.exe
[2012/09/12 23:15:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/09/12 23:12:23 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/09/12 22:52:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Jonathan\Desktop\GooredFix.exe
[2012/09/12 18:20:51 | 000,008,128 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/10 09:16:28 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Jonathan\Desktop\autoruns.exe
[2012/09/10 09:16:28 | 000,567,944 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Jonathan\Desktop\autorunsc.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/07 16:51:19 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2012/08/28 17:32:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/28 17:32:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
[2012/08/19 18:52:12 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Shortcut to Microsoft Office PowerPoint 2007.lnk
[2012/08/19 18:52:12 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Shortcut to Microsoft Office Excel 2007.lnk
[2012/08/19 18:52:12 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Shortcut to Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2012/09/14 14:50:23 | 182,387,620 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\push.girls.s01e03.dsr.x264-2hd.mp4
[2012/09/14 13:55:33 | 244,736,000 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Episodes.S01E02.BDRip.XviD-SAiNTS.avi
[2012/09/14 12:30:52 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Google Chrome.lnk
[2012/09/14 12:30:52 | 000,002,287 | ---- | C] () -- C:\Documents and Settings\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/14 12:30:10 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2077806209-682003330-1004UA.job
[2012/09/14 12:30:10 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2077806209-682003330-1004Core.job
[2012/09/14 03:12:48 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\WwYNcMX.exe
[2012/09/13 19:46:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/13 17:01:59 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2012/09/13 17:01:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/13 16:59:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/13 16:59:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/13 16:59:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/13 16:59:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/13 16:59:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/13 16:30:05 | 001,378,816 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\RogueKiller(1).exe
[2012/09/13 16:17:59 | 000,854,156 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\SecurityCheck.exe
[2012/09/13 13:55:56 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\gmer.exe
[2012/09/13 06:18:52 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/13 06:09:45 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/09/13 06:08:51 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/13 05:56:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/13 04:39:07 | 000,049,648 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\autoruns.chm
[2012/09/13 04:38:55 | 000,540,921 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Autoruns.zip
[2012/09/13 04:37:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/13 04:37:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/13 04:31:04 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\ServicesRepair.exe
[2012/09/13 02:17:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\
[2012/09/13 02:02:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/09/13 02:02:00 | 000,512,399 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\adwcleaner.exe
[2012/09/12 23:47:09 | 000,719,504 | ---- | C] () -- C:\MGlogs.zip
[2012/09/12 23:22:37 | 001,670,468 | ---- | C] () -- C:\MGtools.exe
[2012/08/28 17:27:30 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/19 18:52:12 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Shortcut to Microsoft Office PowerPoint 2007.lnk
[2012/08/19 18:52:12 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Shortcut to Microsoft Office Excel 2007.lnk
[2012/08/19 18:52:12 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Shortcut to Microsoft Office Word 2007.lnk
[2012/01/29 19:13:14 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~RITbIS7Vjd8noFr
[2012/01/29 19:13:13 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~RITbIS7Vjd8noF
[2012/01/29 17:46:32 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\RITbIS7Vjd8noF
[2012/01/26 00:04:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/12 22:53:11 | 000,027,844 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/06 21:42:09 | 000,008,128 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/02 16:01:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jonathan\webct_upload_applet.properties
[2011/07/03 20:05:53 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2011/04/24 18:23:20 | 000,116,839 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2011/04/24 18:20:09 | 000,091,704 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2011/04/24 18:13:31 | 000,157,436 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/04/24 18:13:31 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/04/21 10:04:30 | 002,309,120 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2011/04/21 10:04:23 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2011/04/21 10:04:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\utility3.dll
[2011/04/21 10:04:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\Execute.dll
[2011/04/21 10:04:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011/04/17 16:41:27 | 000,166,281 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp
[2011/04/17 16:41:27 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp
[2011/04/17 15:32:45 | 000,093,069 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2011/04/17 15:30:13 | 000,077,372 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2011/01/20 13:47:20 | 000,000,284 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2010/05/02 18:36:38 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Jonathan\010000004510DE00000000.bios
[2010/02/09 12:21:49 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\machpro.dat
[2010/01/16 18:45:03 | 000,004,937 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
[2009/08/03 03:00:22 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Jonathan\Application Data\setup_ldm.iss
[2008/11/07 21:11:28 | 000,001,389 | ---- | C] () -- C:\Documents and Settings\Jonathan\Application Data\alarms.ini
[2008/11/07 21:11:26 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Jonathan\Application Data\AtomicAlarmClock.ini
[2008/11/07 09:51:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jonathan\Application Data\pcouffin.cat
[2008/11/07 09:51:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jonathan\Application Data\pcouffin.inf
[2008/11/07 09:03:59 | 000,221,184 | ---- | C] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 14 September 2012 - 05:53 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: C:\Program Files\Veetle\Player\npvlc.dll File not found
    FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    O3 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
    [2012/09/13 19:51:10 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\elemhidehelper@adblockplus.org.xpi
    O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [WwYNcMX] C:\WINDOWS\system32\WwYNcMX.exe ()
    [2012/09/14 03:12:48 | 000,054,272 | ---- | M] () -- C:\WINDOWS\System32\WwYNcMX.exe
    [2012/09/13 02:17:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\
    [2012/01/29 19:13:14 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~RITbIS7Vjd8noFr
    [2012/01/29 19:13:13 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~RITbIS7Vjd8noF
    [2012/01/29 17:46:32 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\RITbIS7Vjd8noF
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
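The fix script above pairs an O4 Run-key entry with a randomly named, company-less executable in System32 and removes both. The following is an added triage helper, not part of this thread and not OTL's own code, that applies the same reasoning to OTL-format log lines: it parses the file-listing and O4 lines, flags binaries in Windows system directories that carry no company name, applies a hypothetical "random-looking name" heuristic, and reports which flagged files are also referenced from a Run key. The sample lines are constructed from the format seen in the logs above; the system-directory list, the name heuristic and the scoring are assumptions an analyst would tune.

```python
"""Triage OTL-style log lines for company-less system binaries with Run-key persistence.

Added example for this thread; it is not OTL's code. Heuristics are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format OTL emits (file listing lines and an O4 Run entry).
SAMPLE_LOG = r"""
[2012/09/14 03:12:48 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\WwYNcMX.exe
[2012/09/13 16:59:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/28 17:32:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/13 02:17:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\
O4 - HKU\S-1-5-21-1229272821-2077806209-682003330-1004..\Run: [WwYNcMX] C:\WINDOWS\system32\WwYNcMX.exe ()
"""

# File listing line: [timestamp | size | attrs | C-or-M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# O4 autorun line: O4 - <hive>\Run: [<value name>] <target> (<company>)
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?) \((?P<company>.*)\)$")

# Assumed locations where an unsigned, company-less binary deserves a second look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
BINARY_EXTS = (".exe", ".dll", ".sys")


@dataclass
class Finding:
    path: str
    reasons: list
    run_key: Optional[str] = None  # "<hive>\Run\<value>" when a Run entry points at the file


def parse_otl(text):
    """Split OTL text into file-listing dicts and O4 Run-entry dicts; other lines are ignored."""
    files, run_entries = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
            continue
        m = RUN_RE.match(line)
        if m:
            run_entries.append(m.groupdict())
    return files, run_entries


def looks_random(stem):
    """Hypothetical heuristic: short, mixed-case, vowel-free stems are unusual for vendor binaries."""
    return (
        5 <= len(stem) <= 8
        and stem.isalpha()
        and not any(c in "aeiou" for c in stem.lower())
        and stem != stem.lower()
        and stem != stem.upper()
    )


def triage(text):
    """Return findings ordered by number of reasons; files with no reason are omitted."""
    files, run_entries = parse_otl(text)
    # Map lower-cased Run target path -> "<hive>\Run\<value name>" for correlation.
    run_by_target = {r["target"].lower(): f'{r["hive"]}\\Run\\{r["name"]}' for r in run_entries}
    findings = []
    for f in files:
        path = f["path"]
        low = path.lower()
        if low.endswith("\\") or not low.endswith(BINARY_EXTS):
            continue  # directory entries and non-binaries are out of scope here
        reasons = []
        if low.startswith(SYSTEM_DIRS) and not f["company"]:
            reasons.append("binary in a system directory with no company name")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append("random-looking file name")
        run_key = run_by_target.get(low)
        if run_key:
            reasons.append("referenced by a Run key (persistence)")
        if reasons:
            findings.append(Finding(path=path, reasons=reasons, run_key=run_key))
    findings.sort(key=lambda x: -len(x.reasons))  # stable sort keeps log order within a score
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
        if finding.run_key:
            print("   Run key:", finding.run_key)
```

Run against the constructed sample, the helper ranks WwYNcMX.exe first (three reasons, including the Run key that the OTL script deletes) and lists PEV.exe with one reason only; a known clean-up tool like that is exactly what an analyst compares a single-reason hit against before acting, so the helper is a ranking aid, not a verdict.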

#14 jmillerdls

jmillerdls
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 14 September 2012 - 06:25 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@macromedia.com/FlashPlayer9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@macromedia.com/FlashPlayer9\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1229272821-2077806209-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
C:\WINDOWS\Downloaded Program Files\sysreqlabdetect.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xoedk6xx.default\extensions\elemhidehelper@adblockplus.org.xpi moved successfully.
Registry value HKEY_USERS\S-1-5-21-1229272821-2077806209-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\WwYNcMX deleted successfully.
C:\WINDOWS\system32\WwYNcMX.exe moved successfully.
File C:\WINDOWS\System32\WwYNcMX.exe not found.
C:\Documents and Settings\Jonathan\Local Settings\Application Data\ moved successfully.
C:\Documents and Settings\All Users\Application Data\~RITbIS7Vjd8noFr moved successfully.
C:\Documents and Settings\All Users\Application Data\~RITbIS7Vjd8noF moved successfully.
C:\Documents and Settings\All Users\Application Data\RITbIS7Vjd8noF moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jonathan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jonathan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: Jonathan
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: postgres

User: postgres.BAS

User: postgres.BAS.000

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Jonathan
->Flash cache emptied: 5579 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: postgres

User: postgres.BAS

User: postgres.BAS.000

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.4 log created on 09142012_182102





It didn't ask me to reboot. Amazon still has the same issue and the .exe file is still in system32.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 14 September 2012 - 06:44 PM

Restart the computer, then check things out and let me know which browsers this is happening in.



gringo



