Everything posted by chefhop

  1. RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User: Family [Admin rights] Mode: Scan -- Date: 08/23/2012 18:11:48 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD1001FALS-00J7B0 +++++ --- User --- [MBR] 253541b0f6b649e762ccebb741f8a731 [bSP] d70386338c994455403ffd20da7d4036 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  2. OTL logfile created on: 8/23/2012 4:55:55 PM - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = H:\Documents and Settings\Family\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 74.15% Memory free 4.83 Gb Paging File | 4.09 Gb Available in Paging File | 84.67% Paging File free Paging file location(s): H:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files Drive H: | 931.50 Gb Total Space | 538.72 Gb Free Space | 57.83% Space Free | Partition Type: NTFS Computer Name: ROBERTSON | User Name: Family | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/23 16:55:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe PRC - [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.) -- H:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgidsagent.exe PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgtray.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- H:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- H:\WINDOWS\system32\HPZipm12.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 18:28:55 | 000,442,392 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll MOD - [2012/08/17 18:28:52 | 003,997,720 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll MOD - [2012/08/17 18:27:23 | 000,144,424 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\avutil-51.dll MOD - [2012/08/17 18:27:22 | 000,266,792 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\avformat-54.dll MOD - [2012/08/17 18:27:21 | 002,480,680 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- H:\Program Files\Common 
Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/02/16 04:33:15 | 000,212,992 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll MOD - [2012/02/16 04:32:06 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll MOD - [2012/02/16 04:10:37 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll MOD - [2012/02/16 04:09:23 | 007,953,408 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll MOD - [2012/02/16 04:08:47 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012/01/03 04:02:30 | 011,490,816 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- H:\WINDOWS\system32\PDFreDirectMonNT.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012/08/14 15:12:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- H:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | 
System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX) DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2010/01/06 05:21:00 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008/01/28 16:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/01/28 16:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2007/05/02 17:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2003/07/16 12:05:32 | 000,001,247 | ---- | M] () [Kernel | System | Stopped] -- H:\Program Files\Land Desktop 2004\Land\changer.lsp -- (Changer) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {17DB2045-0C50-4102-BB7E-7D79B78F489D} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{17DB2045-0C50-4102-BB7E-7D79B78F489D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes,DefaultScope = {8EA46386-210C-4709-9654-4AC694F38D62} IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{11FC9A64-3DD3-4EE1-8330-843181AE3E5C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=4D9226180AD59EF48EA170500C13592A&q={searchTerms} IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{8EA46386-210C-4709-9654-4AC694F38D62}: "URL" = http://search.yahoo.com/?ourmark=4&p={searchTerms} IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3059010 IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{C30F98D4-03A1-46D0-901D-58C02687F059}: "URL" = http://start.funmoods.com/results.php?f=4&a=bndlr&q={searchTerms} IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4d19e2f1&v=7.4.22.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: H:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: h:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: h:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: h:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/12 08:53:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: H:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/12 08:52:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/01 12:04:56 | 000,000,000 | ---D | M] [2012/04/11 18:07:08 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = H:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = H:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = 
H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: AVG Internet Security (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = h:\program 
files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprpplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = H:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Unity Player (Enabled) = H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - Extension: YouTube = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: AVG Safe Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\ CHR - Extension: AVG Do Not Track = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Gmail = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/19 21:50:32 | 000,000,027 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (no name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKU\S-1-5-21-2025429265-527237240-839522115-1003..\Run: [C98CF85A63E3CDE4C38D8157EBCF010F6E713B24._service_run] H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
O4 - HKU\S-1-5-21-2025429265-527237240-839522115-1003..\Run: [spybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - H:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Se&nd to OneNote - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B89743E-7BB8-436C-914D-565D6D227A52}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - H:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/23 16:55:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe [2012/08/22 17:31:40 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\Super Hostile - Spellbound Caves v3.0 [2012/08/22 17:31:26 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\The Minercraft Stories [2012/08/20 23:58:29 | 000,000,000 | ---D | C] -- H:\Program Files\OxeFMSynth [2012/08/20 23:58:29 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Oxe FM Synth [2012/08/20 19:46:37 | 000,000,000 | -HSD | C] -- H:\RECYCLER [2012/08/19 21:36:21 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe [2012/08/19 21:36:21 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe [2012/08/19 21:36:21 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe [2012/08/19 21:36:21 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe [2012/08/19 21:36:13 | 000,000,000 | ---D | C] -- H:\Qoobox 
[2012/08/19 12:26:53 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\RK_Quarantine
[2012/08/16 21:41:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\jit
[2012/08/16 13:11:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Start Menu\Programs\ProProfs
[2012/08/16 13:11:41 | 000,000,000 | ---D | C] -- H:\Program Files\ProProfs CompTIA A+ Practice Exams
[2012/08/16 13:11:31 | 000,831,488 | ---- | C] (Atrixware, LLC.) -- H:\WINDOWS\Setup1.exe
[2012/08/16 09:42:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Local Settings\Application Data\SlimWare Utilities Inc
[2012/08/16 09:42:46 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/08/01 18:51:21 | 000,000,000 | ---D | C] -- H:\Program Files\Citrix
[2012/07/29 15:27:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\craigslist
[2012/07/26 19:52:20 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\.techniclauncher
[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/23 16:55:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe
[2012/08/23 16:54:40 | 000,000,280 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-527237240-839522115-1003.job
[2012/08/23 16:54:37 | 000,000,288 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-527237240-839522115-1003.job
[2012/08/23 16:54:35 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012/08/23 16:53:46 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/23 16:53:44 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012/08/23 16:46:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/23 16:12:00 | 000,000,830 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/23 12:18:43 | 000,122,881 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\tv.jpg
[2012/08/23 09:38:04 | 104,747,107 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/08/22 23:49:00 | 000,229,946 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\shutupsamf.rns
[2012/08/22 18:01:55 | 000,253,301 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/08/21 00:02:01 | 000,000,628 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Oxe FM Synth.lnk
[2012/08/19 21:50:32 | 000,000,027 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts
[2012/08/19 00:00:07 | 022,201,900 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Super Hostile 10 - Spellbound Caves v3.0.zip
[2012/08/18 15:11:00 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/16 16:28:20 | 000,001,077 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\my_skin.png
[2012/08/16 13:12:04 | 000,000,921 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\CompTIA A+ Practice Exams.LNK
[2012/08/16 13:11:31 | 000,831,488 | ---- | M] (Atrixware, LLC.) -- H:\WINDOWS\Setup1.exe
[2012/08/16 12:50:12 | 000,505,612 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012/08/16 12:50:12 | 000,089,332 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012/08/16 12:34:46 | 000,253,052 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\realquick.rns
[2012/08/16 09:20:07 | 000,000,602 | ---- | M] () -- H:\WINDOWS\link32.INI
[2012/08/13 19:28:13 | 000,001,327 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\sketch.png
[2012/08/13 11:57:24 | 000,556,103 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\kidzplayw9.pdf
[2012/08/11 21:15:32 | 000,000,616 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ReCycle.lnk
[2012/08/10 10:48:03 | 000,027,520 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\dt.dat
[2012/08/09 09:28:47 | 000,178,616 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\yeahdad.rns
[2012/07/27 20:49:56 | 000,000,038 | ---- | M] () -- H:\WINDOWS\AviSplitter.INI
[2012/07/27 20:48:58 | 000,055,808 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/26 21:18:03 | 000,258,794 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\fuqagoat.rns
[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/23 12:18:49 | 000,122,881 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\tv.jpg
[2012/08/21 21:32:30 | 000,229,946 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\shutupsamf.rns
[2012/08/21 00:02:01 | 000,000,628 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Oxe FM Synth.lnk
[2012/08/19 21:36:21 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012/08/19 21:36:21 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012/08/19 21:36:21 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012/08/19 21:36:21 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012/08/19 21:36:21 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012/08/19 00:00:07 | 022,201,900 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Super Hostile 10 - Spellbound Caves v3.0.zip
[2012/08/16 13:12:04 | 000,000,921 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\CompTIA A+ Practice Exams.LNK
[2012/08/13 19:46:30 | 000,001,077 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\my_skin.png
[2012/08/13 19:28:13 | 000,001,327 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\sketch.png
[2012/08/13 11:56:51 | 000,556,103 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\kidzplayw9.pdf
[2012/08/11 21:15:32 | 000,000,616 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ReCycle.lnk
[2012/08/10 10:48:03 | 000,027,520 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\dt.dat
[2012/08/09 09:28:57 | 000,253,052 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\realquick.rns
[2012/08/05 17:12:23 | 000,178,616 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\yeahdad.rns
[2012/07/27 20:48:57 | 000,000,038 | ---- | C] () -- H:\WINDOWS\AviSplitter.INI
[2012/04/12 16:15:27 | 000,407,120 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\store-pp.db-journal
[2012/03/29 09:52:05 | 000,204,800 | ---- | C] () -- H:\WINDOWS\System32\igfxCoIn_v4820.dll
[2012/03/29 09:40:15 | 000,000,664 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat
[2012/03/16 14:36:27 | 000,188,633 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache
[2012/03/16 14:36:24 | 000,195,586 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache
[2012/03/16 14:29:43 | 000,000,036 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache
[2012/02/15 19:48:01 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2012/02/14 13:47:00 | 000,331,263 | ---- | C] () -- H:\WINDOWS\LOOP.exe
[2011/09/01 15:27:54 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\prvlcl.dat
[2011/08/04 17:58:40 | 000,000,602 | ---- | C] () -- H:\WINDOWS\link32.INI
[2011/07/11 15:18:32 | 000,002,528 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\$_hpcst$.hpc
[2011/02/11 22:11:08 | 000,048,588 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat
[2011/02/03 11:51:41 | 000,055,808 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/05 00:18:14 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2010/12/30 12:08:00 | 000,000,129 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2010/12/30 11:56:05 | 000,112,410 | ---- | C] () -- H:\WINDOWS\hpoins07.dat
[2010/12/30 11:56:05 | 000,021,124 | ---- | C] () -- H:\WINDOWS\hpomdl07.dat
[2010/12/28 13:18:32 | 000,000,090 | ---- | C] () -- H:\WINDOWS\QBChanUtil_Trigger.ini
[2010/12/28 08:34:30 | 000,049,152 | ---- | C] () -- H:\WINDOWS\System32\ChCfg.exe
[2010/12/27 16:28:52 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat
[2010/12/27 16:24:54 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat
[2010/12/27 11:13:49 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2010/12/27 11:12:49 | 000,411,880 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/07/27 20:35:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Autodesk
[2012/03/26 08:14:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG2012
[2012/07/22 11:03:55 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/04/11 18:10:15 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/28 13:18:31 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/08 15:23:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\F4D55F17000402900023F694D151FC4E
[2012/08/23 09:38:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/28 13:18:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Nuance
[2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PDF reDirect
[2012/08/19 21:48:49 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010/12/28 13:24:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/08/19 12:24:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/01/05 09:00:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2011/01/05 08:55:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Western Digital
[2010/12/29 08:43:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/11 21:19:05 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2011/01/12 07:14:46 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
[2012/08/22 19:25:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\.minecraft
[2012/08/13 16:06:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\.techniclauncher
[2011/07/27 20:43:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Autodesk
[2012/03/26 08:05:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\AVG2012
[2012/08/23 16:52:25 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\BitTorrent
[2012/07/22 11:11:09 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\calibre
[2011/10/20 10:13:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\ChessBase
[2011/01/23 23:13:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\dtband
[2011/08/18 22:04:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoft
[2011/03/13 22:00:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoftIEHelpers
[2012/04/12 16:12:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\mcpatcher
[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\NetMedia Providers
[2010/12/30 11:43:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\OpenOffice.org
[2012/04/12 07:00:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PDF reDirect
[2011/12/27 12:57:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PhotoScape
[2012/08/19 21:48:49 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Propellerhead Software
[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Publish Providers
[2012/04/11 18:10:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\searchquband
[2011/01/23 23:13:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\somototoolbar
[2010/12/28 14:24:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Sony
[2012/03/29 09:57:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\SystemRequirementsLab
[2010/12/29 01:05:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Unity
[2011/01/05 08:55:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Western Digital
[2012/07/22 10:54:53 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Xilisoft

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 8/23/2012 4:55:55 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = H:\Documents and Settings\Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 74.15% Memory free
4.83 Gb Paging File | 4.09 Gb Available in Paging File | 84.67% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 931.50 Gb Total Space | 538.72 Gb Free Space | 57.83% Space Free | Partition Type: NTFS

Computer Name: ROBERTSON | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "H:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "H:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\att-nap\McciBrowser.exe" = H:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"H:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = H:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"H:\Program Files\Steam\Steam.exe" = H:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"H:\Program Files\BitTorrent\BitTorrent.exe" = H:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"H:\Program Files\AVG\AVG2012\avgmfapx.exe" = H:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"H:\Program Files\AVG\AVG2012\avgnsx.exe" = H:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG2012\avgdiagex.exe" = H:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG2012\avgemcx.exe" = H:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\Steam\SteamApps\common\dungeon defenders demo\Binaries\Win32\DungeonDefenders.exe" = H:\Program Files\Steam\SteamApps\common\dungeon defenders demo\Binaries\Win32\DungeonDefenders.exe:*:Enabled:Dungeon Defenders Demo -- (Trendy Entertainment LLC)
"H:\Program Files\Steam\SteamApps\common\arma 2 free\ArmA2Free.exe" = H:\Program Files\Steam\SteamApps\common\arma 2 free\ArmA2Free.exe:*:Enabled:ARMA 2: Free -- (Bohemia Interactive)
"H:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = H:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"H:\Program Files\Java\jre6\bin\javaw.exe" = H:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A420-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 34
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411949AB-6EE8-4C62-9C72-EBC93B6A7935}" = AVG 2012
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5783F2D7-0208-0409-0000-0060B0CE6BBA}" = Autodesk Land Desktop 2004
"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9
"{5783F2D7-2208-0409-0000-0060B0CE6BBA}" = Autodesk Survey 2004
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A74C1699-4BCE-433F-82D6-F11207A0581B}" = Sony ACID Music Studio 7.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B364DC2A-9783-4737-B795-D6F0562A41C5}" = calibre
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Autodesk Express Viewer" = Autodesk Express Viewer
"AVG" = AVG 2012
"BitTorrent" = BitTorrent
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 5.3.0.0
"Burn4Free Toolbar" = Burn4Free Toolbar
"FormatFactory" = FormatFactory 2.70
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Non Driver CIO Components" = Non Driver CIO Components
"Office14.SingleImage" = Microsoft Office Professional 2010
"Oxe FM Synth_is1" = Oxe FM Synth 1.1.2
"PDF reDirect" = PDF reDirect (remove only)
"PhotoScape" = PhotoScape
"RealPlayer 15.0" = RealPlayer
"Reason5_is1" = Reason 5.0
"ReCycle v2.1" = ReCycle v2.1
"SkyHillKIDSforWindows_is1" = Minute Menu Kids
"ST6UNST #1" = ProProfs CompTIA A+ Practice Exams
"Steam App 107400" = ARMA 2: Free
"Steam App 201680" = Dungeon Defenders Demo
"Steam App 550" = Left 4 Dead 2
"The Rosetta Stone" = The Rosetta Stone
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 1.1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2012 4:36:31 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 8/10/2012 10:17:38 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x035f6218.

Error - 8/11/2012 3:07:16 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.62.0.87, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000108d3.

Error - 8/13/2012 11:16:34 AM | Computer Name = ROBERTSON | Source = Microsoft Office 14 | ID = 5000
Description = EventType office11shipassert, P1 2jiy, P2 14.0.6029.0, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/13/2012 7:25:13 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.
Error - 8/13/2012 7:25:29 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978. Error - 8/18/2012 5:21:41 PM | Computer Name = ROBERTSON | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/19/2012 4:29:18 PM | Computer Name = ROBERTSON | Source = Application Hang | ID = 1002 Description = Hanging application javaw.exe, version 6.0.310.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/19/2012 4:37:17 PM | Computer Name = ROBERTSON | Source = Application Hang | ID = 1002 Description = Hanging application javaw.exe, version 6.0.310.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 8/19/2012 9:33:11 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000 Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module teatimer.exe, version 1.6.6.32, fault address 0x0006e66e. [ System Events ] Error - 8/19/2012 10:50:56 AM | Computer Name = ROBERTSON | Source = DCOM | ID = 10010 Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error - 8/19/2012 12:22:17 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023 Description = The Automatic Updates service terminated with the following error: %%126 Error - 8/19/2012 12:22:47 PM | Computer Name = ROBERTSON | Source = DCOM | ID = 10010 Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. 
Error - 8/19/2012 12:36:40 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023 Description = The Automatic Updates service terminated with the following error: %%126 Error - 8/19/2012 12:37:10 PM | Computer Name = ROBERTSON | Source = DCOM | ID = 10010 Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error - 8/19/2012 9:50:58 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023 Description = The Automatic Updates service terminated with the following error: %%126 Error - 8/20/2012 2:33:04 PM | Computer Name = ROBERTSON | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. Error - 8/20/2012 2:33:20 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023 Description = The Automatic Updates service terminated with the following error: %%126 Error - 8/22/2012 7:39:44 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023 Description = The Automatic Updates service terminated with the following error: %%126 Error - 8/23/2012 4:54:21 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023 Description = The Automatic Updates service terminated with the following error: %%126 < End of report >
  3. It happens in Google Chrome and Internet Explorer. Those are the only 2 that we use.
  4. Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.20.09

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Family :: ROBERTSON [administrator]

     8/23/2012 9:42:14 AM
     mbam-log-2012-08-23 (09-42-14).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 236354
     Time elapsed: 4 minute(s), 41 second(s)

     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)

     (end)

     The redirect is still present.
  5. ComboFix 12-08-18.03 - Family 08/19/2012 21:39:04.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2401 [GMT -4:00] Running from: h:\documents and settings\Family\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . h:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle h:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle\ReCycle210.dat h:\documents and settings\All Users\Start Menu\HP Image Zone .lnk h:\documents and settings\Family\Application Data\PriceGong h:\documents and settings\Family\Application Data\PriceGong\Data\1.txt h:\documents and settings\Family\Application Data\PriceGong\Data\2229.txt h:\documents and settings\Family\Application Data\PriceGong\Data\a.txt h:\documents and settings\Family\Application Data\PriceGong\Data\b.txt h:\documents and settings\Family\Application Data\PriceGong\Data\c.txt h:\documents and settings\Family\Application Data\PriceGong\Data\d.txt h:\documents and settings\Family\Application Data\PriceGong\Data\e.txt h:\documents and settings\Family\Application Data\PriceGong\Data\f.txt h:\documents and settings\Family\Application Data\PriceGong\Data\g.txt h:\documents and settings\Family\Application Data\PriceGong\Data\h.txt h:\documents and settings\Family\Application Data\PriceGong\Data\i.txt h:\documents and settings\Family\Application Data\PriceGong\Data\j.txt h:\documents and settings\Family\Application Data\PriceGong\Data\k.txt h:\documents and settings\Family\Application Data\PriceGong\Data\l.txt h:\documents and settings\Family\Application Data\PriceGong\Data\m.txt h:\documents and settings\Family\Application Data\PriceGong\Data\mru.xml h:\documents and settings\Family\Application Data\PriceGong\Data\n.txt h:\documents and settings\Family\Application 
Data\PriceGong\Data\o.txt h:\documents and settings\Family\Application Data\PriceGong\Data\p.txt h:\documents and settings\Family\Application Data\PriceGong\Data\q.txt h:\documents and settings\Family\Application Data\PriceGong\Data\r.txt h:\documents and settings\Family\Application Data\PriceGong\Data\s.txt h:\documents and settings\Family\Application Data\PriceGong\Data\t.txt h:\documents and settings\Family\Application Data\PriceGong\Data\u.txt h:\documents and settings\Family\Application Data\PriceGong\Data\v.txt h:\documents and settings\Family\Application Data\PriceGong\Data\w.txt h:\documents and settings\Family\Application Data\PriceGong\Data\wlu.txt h:\documents and settings\Family\Application Data\PriceGong\Data\x.txt h:\documents and settings\Family\Application Data\PriceGong\Data\y.txt h:\documents and settings\Family\Application Data\PriceGong\Data\z.txt h:\documents and settings\Family\Application Data\Propellerhead Software\ReCycle h:\documents and settings\Family\Application Data\Propellerhead Software\ReCycle\ReCycle Preferences File.prf h:\documents and settings\Family\g2mdlhlpx.exe h:\documents and settings\Family\Recent\Thumbs.db h:\documents and settings\Mikes\10.rns h:\documents and settings\Mikes\11.rns h:\documents and settings\Mikes\12.rns h:\documents and settings\Mikes\13.rns h:\documents and settings\Mikes\14.rns h:\documents and settings\Mikes\15.rns h:\documents and settings\Mikes\16.rns h:\documents and settings\Mikes\18.rns h:\documents and settings\Mikes\21.rns h:\documents and settings\Mikes\22.rns h:\documents and settings\Mikes\472.rns h:\documents and settings\Mikes\6a.rns h:\documents and settings\Mikes\7a.rns h:\documents and settings\Mikes\8a.rns h:\documents and settings\Mikes\8j.rns h:\documents and settings\Mikes\chef kit .drp h:\documents and settings\Mikes\Folder2Iso.exe h:\windows\a3kebook.ini h:\windows\akebook.ini h:\windows\ANS2000.INI h:\windows\EventSystem.log h:\windows\system32\dllcache\dlimport.exe 
h:\windows\system32\URTTemp h:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 ))))))))))))))))))))))))))))))) . . 2012-08-16 17:11 . 2012-08-16 17:49 -------- d-----w- h:\program files\ProProfs CompTIA A+ Practice Exams 2012-08-16 17:11 . 2012-08-16 17:11 831488 ------w- h:\windows\Setup1.exe 2012-08-16 17:11 . 2012-08-16 17:11 73216 ----a-w- h:\windows\ST6UNST.EXE 2012-08-16 13:42 . 2012-08-16 13:42 -------- d-----w- h:\documents and settings\Family\Local Settings\Application Data\SlimWare Utilities Inc 2012-08-14 19:12 . 2012-08-14 19:12 9232584 ----a-w- h:\windows\system32\FlashPlayerInstaller.exe 2012-08-01 22:51 . 2012-08-11 21:18 -------- d-----w- h:\program files\Citrix 2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- h:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2012-07-26 23:52 . 2012-08-13 20:06 -------- d-----w- h:\documents and settings\Family\Application Data\.techniclauncher 2012-07-22 15:09 . 2012-07-22 15:11 -------- d-----w- h:\documents and settings\Family\Application Data\calibre 2012-07-22 15:08 . 2012-07-22 15:08 -------- d-----w- h:\program files\Calibre2 2012-07-22 14:54 . 2012-07-22 14:54 -------- d-----w- h:\documents and settings\Family\Application Data\Xilisoft 2012-07-22 14:51 . 2012-07-22 15:03 -------- d-----w- h:\documents and settings\All Users\Application Data\blekko toolbars 2012-07-22 14:51 . 2012-07-22 14:51 -------- d-----w- h:\documents and settings\Family\Local Settings\Application Data\blekkotb_031 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-14 19:12 . 2012-04-03 21:31 426184 ----a-w- h:\windows\system32\FlashPlayerApp.exe 2012-08-14 19:12 . 2011-05-14 12:19 70344 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-03 17:46 . 
2012-03-26 11:28 22344 ----a-w- h:\windows\system32\drivers\mbam.sys 2012-06-01 16:04 . 2003-03-19 01:14 499712 ----a-w- h:\windows\system32\msvcp71.dll 2012-06-01 16:04 . 2003-02-21 09:42 348160 ----a-w- h:\windows\system32\msvcr71.dll 1997-07-21 23:30 1045776 --sha-w- h:\windows\system32\Msjet35.dll 1997-06-23 07:00 123664 --sha-w- h:\windows\system32\Msjint35.dll 1997-06-23 16:06 24848 --sha-w- h:\windows\system32\Msjter35.dll 1997-06-23 16:06 252176 --sha-w- h:\windows\system32\Msrd2x35.dll 1997-06-23 16:06 287504 --sha-w- h:\windows\system32\Msxbse35.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "H/PC Connection Agent"="h:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608] "AVG_TRAY"="h:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "IgfxTray"="h:\windows\system32\igfxtray.exe" [2010-01-13 134656] "HotKeysCmds"="h:\windows\system32\hkcmd.exe" [2010-01-13 166912] "Persistence"="h:\windows\system32\igfxpers.exe" [2010-01-13 135680] "QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0h:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . 
[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=h:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=h:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=h:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=h:\windows\pss\QuickBooks Update Agent.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-21 01:28 59240 ----a-w- h:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C98CF85A63E3CDE4C38D8157EBCF010F6E713B24._service_run] 2012-08-14 04:31 1229848 ----a-w- h:\program files\Google\Chrome\Application\chrome.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 17:39 1289000 ----a-w- h:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2010-01-13 15:46 166912 ----a-w- h:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-12 04:12 49152 ----a-w- h:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager] 2010-10-19 10:58 1439496 ----a-w- h:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-27 09:09 421736 ----a-w- h:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher] 2010-03-24 19:42 599328 ----a-w- h:\program files\Sony\PMB\PMBVolumeWatcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 18:28 421888 ----a-w- h:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2012-08-11 21:17 1353080 ----a-w- h:\program files\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 18:02 254696 ----a-w- h:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-06-01 16:04 296056 ----a-w- h:\program files\Real\RealPlayer\Update\realsched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "h:\\Program Files\\att-nap\\McciBrowser.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "h:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "h:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "h:\\Program Files\\HP\\Digital 
Imaging\\Unload\\HpqDIA.exe"= "h:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "h:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "h:\\Program Files\\Steam\\Steam.exe"= "h:\program files\Microsoft ActiveSync\rapimgr.exe"= h:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "h:\program files\Microsoft ActiveSync\wcescomm.exe"= h:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "h:\program files\Microsoft ActiveSync\WCESMgr.exe"= h:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "h:\\Program Files\\BitTorrent\\BitTorrent.exe"= "h:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "h:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "h:\\Program Files\\Bonjour\\mDNSResponder.exe"= "h:\\Program Files\\iTunes\\iTunes.exe"= "h:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "h:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "h:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "h:\\Program Files\\Steam\\SteamApps\\common\\dungeon defenders demo\\Binaries\\Win32\\DungeonDefenders.exe"= "h:\\Program Files\\Steam\\SteamApps\\common\\arma 2 free\\ArmA2Free.exe"= "h:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"= "h:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . 
R0 AVGIDSHX;AVGIDSHX;h:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;h:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 31952] R1 Avgldx86;AVG AVI Loader Driver;h:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 235216] R1 Avgtdix;AVG TDI Driver;h:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 301248] R2 avgwd;AVG WatchDog;h:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;h:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224] R2 WDDMService;WD SmartWare Drive Manager;h:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 5:24 PM 110592] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;h:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480] R3 AVGIDSDriver;AVGIDSDriver;h:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856] R3 AVGIDSFilter;AVGIDSFilter;h:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144] R3 AVGIDSShim;AVGIDSShim;h:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232] S2 AVGIDSAgent;AVGIDSAgent;h:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744] S2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [1/27/2011 9:06 PM 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:31 PM 250056] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;h:\windows\system32\DRIVERS\bcmwlhigh5.sys --> h:\windows\system32\DRIVERS\bcmwlhigh5.sys [?] 
S3 cpudrv;cpudrv;h:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336] S3 gupdatem;Google Update Service (gupdatem);h:\program files\Google\Update\GoogleUpdate.exe [1/27/2011 9:06 PM 136176] S3 osppsvc;Office Software Protection Platform;h:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;h:\windows\system32\drivers\RTL8192su.sys [2/22/2011 11:17 AM 594048] S3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\drivers\wdcsam.sys [1/5/2011 8:55 AM 11520] . Contents of the 'Scheduled Tasks' folder . 2012-08-20 h:\windows\Tasks\Adobe Flash Player Updater.job - h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:12] . 2012-08-18 h:\windows\Tasks\AppleSoftwareUpdate.job - h:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57] . 2012-08-20 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job - h:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 01:06] . 2012-08-20 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job - h:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 01:06] . 2012-08-20 h:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-527237240-839522115-1003.job - h:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21] . 2012-08-20 h:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-527237240-839522115-1003.job - h:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- h:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Se&nd to OneNote - h:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 . . ------- File Associations ------- . .scr=AutoCADScriptFile . - - - - ORPHANS REMOVED - - - - . BHO-{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Toolbar-10 - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) MSConfigStartUp-Anti-phishing Domain Advisor - h:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe MSConfigStartUp-Google Update - h:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe AddRemove-Free Audio CD Burner_is1 - h:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Uninstall_is1 - h:\program files\Common Files\DVDVideoSoft\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-19 21:51 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2692) h:\windows\system32\WININET.dll h:\windows\system32\ieframe.dll h:\windows\system32\webcheck.dll h:\windows\system32\WPDShServiceObj.dll h:\windows\system32\PortableDeviceTypes.dll h:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
h:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe h:\program files\Bonjour\mDNSResponder.exe h:\program files\Java\jre6\bin\jqs.exe h:\program files\Common Files\Motive\McciCMService.exe h:\windows\system32\HPZipm12.exe h:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe h:\windows\RTHDCPL.EXE h:\windows\system32\igfxsrvc.exe h:\progra~1\MICROS~3\rapimgr.exe h:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2012-08-19 21:55:13 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-20 01:54 . Pre-Run: 580,198,854,656 bytes free Post-Run: 580,509,679,616 bytes free . - - End Of File - - A101E376F1C64F074042970686A3D18F
  6. 15:04:47.0125 2940 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05 15:04:47.0406 2940 ============================================================ 15:04:47.0406 2940 Current date / time: 2012/08/19 15:04:47.0406 15:04:47.0406 2940 SystemInfo: 15:04:47.0406 2940 15:04:47.0406 2940 OS Version: 5.1.2600 ServicePack: 3.0 15:04:47.0406 2940 Product type: Workstation 15:04:47.0406 2940 ComputerName: ROBERTSON 15:04:47.0406 2940 UserName: Family 15:04:47.0406 2940 Windows directory: H:\WINDOWS 15:04:47.0406 2940 System windows directory: H:\WINDOWS 15:04:47.0406 2940 Processor architecture: Intel x86 15:04:47.0406 2940 Number of processors: 2 15:04:47.0406 2940 Page size: 0x1000 15:04:47.0406 2940 Boot type: Normal boot 15:04:47.0406 2940 ============================================================ 15:04:48.0546 2940 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 15:04:48.0625 2940 ============================================================ 15:04:48.0625 2940 \Device\Harddisk0\DR0: 15:04:48.0625 2940 MBR partitions: 15:04:48.0625 2940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1 15:04:48.0625 2940 ============================================================ 15:04:48.0656 2940 H: <-> \Device\Harddisk0\DR0\Partition1 15:04:48.0656 2940 ============================================================ 15:04:48.0656 2940 Initialize success 15:04:48.0656 2940 ============================================================ 15:04:56.0703 0180 ============================================================ 15:04:56.0703 0180 Scan started 15:04:56.0703 0180 Mode: Manual; SigCheck; TDLFS; 15:04:56.0703 0180 ============================================================ 15:04:57.0140 0180 ================ Scan services ============================= 15:04:57.0203 0180 Abiosdsk - ok 15:04:57.0203 0180 abp480n5 - ok 
H:\WINDOWS\System32\WUDFSvc.dll 15:05:16.0953 0180 WudfSvc - ok 15:05:16.0984 0180 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC H:\WINDOWS\System32\wzcsvc.dll 15:05:17.0062 0180 WZCSVC - ok 15:05:17.0093 0180 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov H:\WINDOWS\System32\xmlprov.dll 15:05:17.0156 0180 xmlprov - ok 15:05:17.0171 0180 ================ Scan global =============================== 15:05:17.0203 0180 (42f1f4c0afb08410e5f02d4b13ebb623) H:\WINDOWS\system32\basesrv.dll 15:05:17.0234 0180 (8c7dca4b158bf16894120786a7a5f366) H:\WINDOWS\system32\winsrv.dll 15:05:17.0250 0180 (8c7dca4b158bf16894120786a7a5f366) H:\WINDOWS\system32\winsrv.dll 15:05:17.0250 0180 (65df52f5b8b6e9bbd183505225c37315) H:\WINDOWS\system32\services.exe 15:05:17.0250 0180 [Global] - ok 15:05:17.0250 0180 ================ Scan MBR ================================== 15:05:17.0265 0180 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 15:05:17.0453 0180 \Device\Harddisk0\DR0 - ok 15:05:17.0453 0180 ================ Scan VBR ================================== 15:05:17.0453 0180 Boot (0x1200) (097654d4df1e196c0d560ea8f99d5f56) \Device\Harddisk0\DR0\Partition1 15:05:17.0453 0180 \Device\Harddisk0\DR0\Partition1 - ok 15:05:17.0453 0180 ============================================================ 15:05:17.0453 0180 Scan finished 15:05:17.0453 0180 ============================================================ 15:05:17.0562 1856 Detected object count: 11 15:05:17.0562 1856 Actual detected object count: 11 15:06:18.0843 1856 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0843 1856 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0843 1856 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0843 1856 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0843 1856 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0843 1856 mcdbus ( UnsignedFile.Multi.Generic ) - User select 
action: Skip 15:06:18.0859 1856 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0859 1856 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0859 1856 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0859 1856 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0859 1856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0859 1856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0859 1856 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0859 1856 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0859 1856 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0859 1856 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0859 1856 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0859 1856 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0859 1856 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0859 1856 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:18.0859 1856 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user 15:06:18.0859 1856 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:06:25.0984 1708 Deinitialize success
  7. RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User: Family [Admin rights] Mode: Scan -- Date: 08/19/2012 12:27:54 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [] HKLM\[...]\Windows : () -> ACCESS DENIED [] HKLM\[...]\Windows : () -> ACCESS DENIED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD1001FALS-00J7B0 +++++ --- User --- [MBR] 253541b0f6b649e762ccebb741f8a731 [bSP] d70386338c994455403ffd20da7d4036 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  8. Whenever I do a google search and it gives me results. I click on any of the results and am redirected to another page of links.
  9. That was the problem. Thank you very much for your help.
  10. I just tried the "run as" option with no luck. As soon as I push update or scan now, mbam closes.
  11. No. I completely uninstalled AVG. ComboFix isn't doing anything. It opens, it makes a backup, it says this may take 10 minutes, then it just seems to freeze. I let it run for hours.
  12. ComboFix gets to the part where it says it will take 10 minutes, maybe double, and no further.
  13. OTL logfile created on: 3/25/2012 11:46:33 AM - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = H:\Documents and Settings\Family\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.31% Memory free 4.83 Gb Paging File | 4.30 Gb Available in Paging File | 88.97% Paging File free Paging file location(s): H:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files Drive D: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive H: | 931.50 Gb Total Space | 555.73 Gb Free Space | 59.66% Space Free | Partition Type: NTFS Drive J: | 1862.36 Gb Total Space | 1505.95 Gb Free Space | 80.86% Space Free | Partition Type: NTFS Computer Name: ROBERTSON | User Name: Family | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/03/25 11:44:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe PRC - [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- H:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- H:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/03/21 08:21:12 | 000,429,040 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll MOD - [2012/03/21 08:21:11 | 003,772,912 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll MOD - [2012/03/21 08:19:37 | 000,122,880 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avutil-51.dll MOD - [2012/03/21 08:19:35 | 000,220,672 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avformat-53.dll MOD - [2012/03/21 08:19:34 | 001,747,456 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avcodec-53.dll MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- H:\WINDOWS\system32\PDFreDirectMonNT.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- H:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/09/06 20:12:06 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Disabled | Stopped] -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2010/08/19 16:25:00 | 000,272,864 | ---- | M] () [Disabled | Stopped] -- H:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100) SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- H:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | 
Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Family\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2012/03/25 11:42:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/03/25 11:08:43 | 000,024,064 | ---- | M] () [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon) DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010/02/03 12:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2010/01/06 05:21:00 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009/11/06 09:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX) DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008/01/28 16:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/01/28 16:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2007/05/02 17:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2003/07/16 12:05:32 | 000,001,247 | ---- | M] () [Kernel | System | Stopped] -- H:\Program Files\Land Desktop 2004\Land\changer.lsp -- (Changer) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {17DB2045-0C50-4102-BB7E-7D79B78F489D} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{17DB2045-0C50-4102-BB7E-7D79B78F489D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829} IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{11FC9A64-3DD3-4EE1-8330-843181AE3E5C}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376 IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4d19e2f1&v=7.4.22.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:35:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/06 09:24:36 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = http://search.avg.com/?d=4dde38c6&v=7.4.22.4&i=26&tp=ggl-chrome&q={searchTerms} CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll CHR - plugin: AVG Internet Security (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = 
H:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = h:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Google Update (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Unity Player (Enabled) = H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: iTunes Application 
Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: AVG Safe Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: Gmail = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: E&xport to Microsoft Excel - 
H:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Se&nd to OneNote - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B89743E-7BB8-436C-914D-565D6D227A52}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - H:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/01/28 16:00:27 | 000,000,088 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell - "" = AutoRun O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell\AutoRun\command - "" = K:\KODAK_Software_Downloader.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/25 11:46:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe [2012/03/16 15:41:17 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\Malwarebytes [2012/03/16 15:41:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/03/16 15:41:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/03/16 15:41:13 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/03/16 15:41:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys [2012/03/16 15:41:12 | 000,000,000 | ---D | C] -- H:\Program 
Files\Malwarebytes' Anti-Malware [2012/03/16 07:38:44 | 000,000,000 | RHSD | C] -- H:\cmdcons [2012/03/16 07:35:59 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe [2012/03/16 07:35:59 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe [2012/03/16 07:35:59 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe [2012/03/16 07:35:59 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe [2012/03/16 07:35:53 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERDNT [2012/03/16 07:35:52 | 000,000,000 | --SD | C] -- H:\ComboFix [2012/03/15 10:14:48 | 000,000,000 | ---D | C] -- H:\Qoobox [2012/03/14 12:06:34 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\jorgen [2012/03/13 08:06:54 | 000,000,000 | ---D | C] -- H:\WINDOWS\Minidump [2012/03/12 23:32:24 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\ships [2012/03/10 20:37:49 | 000,000,000 | ---D | C] -- H:\Malwarebytes [2012/03/08 14:28:45 | 000,116,736 | ---- | C] (MagicISO, Inc.) 
-- H:\WINDOWS\System32\drivers\mcdbus.sys [2012/03/08 14:28:44 | 000,000,000 | ---D | C] -- H:\Program Files\MagicDisc [2012/03/08 09:11:44 | 000,000,000 | ---D | C] -- H:\Program Files\MagicISO [2012/03/06 15:29:46 | 000,000,000 | ---D | C] -- H:\Program Files\BitTorrent [2012/03/06 15:28:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\BitTorrent [2012/03/06 12:33:33 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2012/03/03 23:19:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\.minecraft [6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/25 11:44:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe [2012/03/25 11:42:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/03/25 11:41:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/03/25 11:08:43 | 000,024,064 | ---- | M] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys [2012/03/25 10:20:14 | 000,000,280 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-527237240-839522115-1003.job [2012/03/25 10:20:13 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl [2012/03/25 10:20:13 | 000,000,288 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-527237240-839522115-1003.job [2012/03/25 10:20:02 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/03/25 10:20:01 | 000,000,266 | ---- | M] () -- H:\WINDOWS\tasks\AutoKMS.job [2012/03/25 10:19:53 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat [2012/03/25 09:56:39 | 000,000,802 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/03/25 09:56:39 | 000,000,784 | ---- | 
M] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/25 09:13:46 | 092,621,341 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/03/25 00:49:56 | 000,278,561 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Minecraft.exe [2012/03/24 17:42:36 | 000,113,434 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\shavedmonkeyalien.rns [2012/03/23 18:04:00 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/03/21 14:23:14 | 000,505,612 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat [2012/03/21 14:23:14 | 000,089,332 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat [2012/03/20 22:24:43 | 000,246,024 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\doing it.rns [2012/03/20 12:20:55 | 000,000,616 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\ReCycle.lnk [2012/03/18 17:12:32 | 000,290,434 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/03/18 14:10:47 | 000,262,826 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\the killing mist.rns [2012/03/18 14:09:08 | 000,181,652 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\practicewobble.rns [2012/03/16 14:36:27 | 000,188,633 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache [2012/03/16 14:36:24 | 000,195,586 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache [2012/03/16 14:29:43 | 000,000,036 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache [2012/03/16 07:38:49 | 000,000,327 | RHS- | M] () -- H:\boot.ini [2012/03/15 13:00:10 | 000,046,592 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/13 22:04:05 | 000,411,080 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT [2012/03/13 21:52:53 | 000,001,374 | ---- | M] () -- 
H:\WINDOWS\imsins.BAK [2012/03/12 11:02:39 | 000,008,143 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\fishtank.jpg [2012/03/12 07:20:21 | 000,161,968 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\swing chop.1.rns [2012/03/10 10:11:43 | 000,001,039 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/03/09 19:04:37 | 000,001,021 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Google Gold.lnk [2012/03/09 19:00:32 | 000,001,039 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Google Chrome.lnk [2012/03/09 00:01:24 | 000,133,884 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\crazyshit.rns [2012/03/06 15:29:49 | 000,000,668 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2012/03/02 09:07:09 | 000,182,512 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\swing chop.rns [2012/03/01 00:29:44 | 000,208,056 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\hard.1.rns [2012/02/27 00:02:04 | 000,007,260 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\smakit.drp [2012/02/25 18:32:45 | 000,174,150 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\hard.rns [2012/02/24 17:02:41 | 000,265,438 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\begin the nibeg.rns [2012/02/24 17:01:05 | 000,181,822 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\stabacat.1.rns [6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/25 11:08:43 | 000,024,064 | ---- | C] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys [2012/03/25 09:56:39 | 000,000,802 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/03/25 09:56:39 | 000,000,784 | ---- | 
C] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/25 00:49:56 | 000,278,561 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Minecraft.exe [2012/03/24 17:42:36 | 000,113,434 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\shavedmonkeyalien.rns [2012/03/20 12:20:55 | 000,000,616 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\ReCycle.lnk [2012/03/19 22:43:26 | 000,246,024 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\doing it.rns [2012/03/16 14:36:27 | 000,188,633 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache [2012/03/16 14:36:24 | 000,195,586 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache [2012/03/16 14:29:43 | 000,000,036 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache [2012/03/16 07:38:49 | 000,000,210 | ---- | C] () -- H:\Boot.bak [2012/03/16 07:38:46 | 000,260,272 | RHS- | C] () -- H:\cmldr [2012/03/16 07:35:59 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe [2012/03/16 07:35:59 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe [2012/03/16 07:35:59 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe [2012/03/16 07:35:59 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe [2012/03/16 07:35:59 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe [2012/03/12 11:02:51 | 000,008,143 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\fishtank.jpg [2012/03/10 10:11:43 | 000,001,039 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/03/09 19:04:18 | 000,001,021 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Google Gold.lnk [2012/03/09 00:26:15 | 000,262,826 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\the killing mist.rns [2012/03/06 15:29:49 | 000,000,668 | ---- | C] () -- H:\Documents and 
Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2012/03/06 12:37:37 | 000,001,039 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Google Chrome.lnk [2012/03/02 10:56:21 | 000,181,652 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\practicewobble.rns [2012/03/02 10:14:01 | 000,161,968 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\swing chop.1.rns [2012/03/01 00:42:20 | 000,182,512 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\swing chop.rns [2012/02/27 00:04:54 | 000,133,884 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\crazyshit.rns [2012/02/27 00:02:04 | 000,007,260 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\smakit.drp [2012/02/25 18:32:51 | 000,208,056 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\hard.1.rns [2012/02/24 20:10:50 | 000,174,150 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\hard.rns [2012/02/15 19:48:01 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll [2012/02/14 13:47:00 | 000,331,263 | ---- | C] () -- H:\WINDOWS\LOOP.exe [2011/09/01 15:27:54 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\prvlcl.dat [2011/08/04 17:58:40 | 000,000,564 | ---- | C] () -- H:\WINDOWS\link32.INI [2011/07/11 15:18:32 | 000,002,528 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\$_hpcst$.hpc [2011/05/20 07:12:04 | 000,000,059 | ---- | C] () -- H:\WINDOWS\ANS2000.INI [2011/05/20 07:12:04 | 000,000,020 | -H-- | C] () -- H:\WINDOWS\akebook.ini [2011/05/20 07:12:04 | 000,000,004 | -H-- | C] () -- H:\WINDOWS\a3kebook.ini [2011/02/28 13:25:30 | 000,053,299 | ---- | C] () -- H:\WINDOWS\System32\pthreadVC.dll [2011/02/11 22:11:08 | 000,048,588 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat [2011/02/03 11:51:41 | 000,046,592 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application 
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/05 00:18:14 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI [2010/12/30 12:08:00 | 000,000,129 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat [2010/12/30 11:56:05 | 000,112,410 | ---- | C] () -- H:\WINDOWS\hpoins07.dat [2010/12/30 11:56:05 | 000,021,124 | ---- | C] () -- H:\WINDOWS\hpomdl07.dat [2010/12/28 13:18:32 | 000,000,090 | ---- | C] () -- H:\WINDOWS\QBChanUtil_Trigger.ini [2010/12/28 08:46:38 | 000,204,800 | ---- | C] () -- H:\WINDOWS\System32\igfxCoIn_v4820.dll [2010/12/28 08:34:30 | 000,049,152 | ---- | C] () -- H:\WINDOWS\System32\ChCfg.exe [2010/12/27 16:28:52 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat [2010/12/27 16:24:54 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat [2010/12/27 11:13:49 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI [2010/12/27 11:12:49 | 000,411,080 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT [2010/06/06 10:20:02 | 000,065,344 | ---- | C] () -- H:\WINDOWS\System32\PDFreDirectMonNT.dll ========== LOP Check ========== [2011/07/27 20:35:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Autodesk [2011/11/08 23:41:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG2012 [2010/12/28 13:18:31 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files [2012/03/25 09:13:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData [2010/12/28 13:18:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Nuance [2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PDF reDirect [2012/02/14 13:48:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Propellerhead Software [2010/12/28 13:24:13 | 000,000,000 | ---D | M] -- H:\Documents and 
Settings\All Users\Application Data\SQL Anywhere 11 [2011/01/05 09:00:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon [2011/01/05 08:55:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Western Digital [2010/12/29 08:43:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/01/11 21:19:05 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756} [2011/01/12 07:14:46 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{C5A0D307-9319-4B00-9734-C0F4B0454A7B} [2012/03/25 00:50:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\.minecraft [2011/07/27 20:43:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Autodesk [2011/11/08 23:32:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\AVG2012 [2012/03/14 09:18:16 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\BitTorrent [2011/10/20 10:13:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\ChessBase [2011/01/23 23:13:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\dtband [2011/08/18 22:04:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoft [2011/03/13 22:00:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoftIEHelpers [2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\NetMedia Providers [2010/12/30 11:43:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\OpenOffice.org [2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PDF reDirect [2011/12/27 12:57:37 | 000,000,000 | ---D 
| M] -- H:\Documents and Settings\Family\Application Data\PhotoScape
[2012/02/14 13:48:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Propellerhead Software
[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Publish Providers
[2011/01/23 23:13:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\somototoolbar
[2010/12/28 14:24:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Sony
[2010/12/29 01:05:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Unity
[2012/03/06 15:25:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\uTorrent
[2011/01/05 08:55:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Western Digital
[2012/03/25 10:20:01 | 000,000,266 | ---- | M] () -- H:\WINDOWS\Tasks\AutoKMS.job
========== Purity Check ==========
< End of report >

I did not get an extras.txt
  14. I have tried everything on that list that could or would run. Posting here is my last effort to try and remove or fix whatever this is. I will try them again. Thanks.
  15. Am I supposed to continue with the other methods when chameleon doesn't work?
  16. Have tried everything. Here's my OTL log. Thanks.

OTL logfile created on: 3/25/2012 10:40:15 AM - Run 2
OTL by OldTimer - Version 3.2.37.0 Folder = H:\Documents and Settings\Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.76% Memory free
4.83 Gb Paging File | 4.29 Gb Available in Paging File | 88.75% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive D: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 931.50 Gb Total Space | 555.75 Gb Free Space | 59.66% Space Free | Partition Type: NTFS
Drive J: | 1862.36 Gb Total Space | 1505.95 Gb Free Space | 80.86% Space Free | Partition Type: NTFS
Computer Name: ROBERTSON | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/21 08:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- H:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/15 10:30:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.)
-- H:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/03/21 08:21:12 | 000,429,040 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll MOD - [2012/03/21 08:21:11 | 003,772,912 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll MOD - [2012/03/21 08:19:37 | 000,122,880 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avutil-51.dll MOD - [2012/03/21 08:19:35 | 000,220,672 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avformat-53.dll MOD - [2012/03/21 08:19:34 | 001,747,456 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\17.0.963.83\avcodec-53.dll MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- H:\WINDOWS\system32\PDFreDirectMonNT.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- H:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/09/06 20:12:06 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Disabled | Stopped] -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2010/08/19 16:25:00 | 000,272,864 | ---- | M] () [Disabled | Stopped] -- H:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100) SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- H:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | 
Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Family\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2012/03/25 09:56:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010/02/03 12:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2010/01/06 05:21:00 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009/11/06 09:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX) DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008/01/28 16:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/01/28 16:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2007/05/02 17:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/07/16 12:05:32 | 000,001,247 | ---- | M] () [Kernel | System | Stopped] -- H:\Program Files\Land Desktop 2004\Land\changer.lsp -- (Changer)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {17DB2045-0C50-4102-BB7E-7D79B78F489D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{17DB2045-0C50-4102-BB7E-7D79B78F489D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{11FC9A64-3DD3-4EE1-8330-843181AE3E5C}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376 IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4d19e2f1&v=7.4.22.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: h:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:35:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/06 09:24:36 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = http://search.avg.com/?d=4dde38c6&v=7.4.22.4&i=26&tp=ggl-chrome&q={searchTerms} CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll CHR - plugin: AVG Internet Security (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = 
H:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = h:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Google Update (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Unity Player (Enabled) = H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: iTunes Application 
Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: AVG Safe Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: Gmail = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: E&xport to Microsoft Excel - 
H:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Se&nd to OneNote - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B89743E-7BB8-436C-914D-565D6D227A52}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - H:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/01/28 16:00:27 | 000,000,088 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell - "" = AutoRun O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5ec0eb8a-696a-11e0-a746-8aaf280856b2}\Shell\AutoRun\command - "" = K:\KODAK_Software_Downloader.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/25 10:28:54 | 000,594,432 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe [2012/03/16 15:41:17 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\Malwarebytes [2012/03/16 15:41:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/03/16 15:41:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/03/16 15:41:13 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/03/16 15:41:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys [2012/03/16 15:41:12 | 000,000,000 | ---D | C] -- H:\Program 
Files\Malwarebytes' Anti-Malware [2012/03/16 07:38:44 | 000,000,000 | RHSD | C] -- H:\cmdcons [2012/03/16 07:35:59 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe [2012/03/16 07:35:59 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe [2012/03/16 07:35:59 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe [2012/03/16 07:35:59 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe [2012/03/16 07:35:53 | 000,000,000 | ---D | C] -- H:\WINDOWS\ERDNT [2012/03/16 07:35:52 | 000,000,000 | --SD | C] -- H:\ComboFix [2012/03/15 10:14:48 | 000,000,000 | ---D | C] -- H:\Qoobox [2012/03/14 12:06:34 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\jorgen [2012/03/13 08:06:54 | 000,000,000 | ---D | C] -- H:\WINDOWS\Minidump [2012/03/12 23:32:24 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\ships [2012/03/10 20:37:49 | 000,000,000 | ---D | C] -- H:\Malwarebytes [2012/03/08 14:28:45 | 000,116,736 | ---- | C] (MagicISO, Inc.) 
-- H:\WINDOWS\System32\drivers\mcdbus.sys [2012/03/08 14:28:44 | 000,000,000 | ---D | C] -- H:\Program Files\MagicDisc [2012/03/08 09:11:44 | 000,000,000 | ---D | C] -- H:\Program Files\MagicISO [2012/03/06 15:29:46 | 000,000,000 | ---D | C] -- H:\Program Files\BitTorrent [2012/03/06 15:28:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\BitTorrent [2012/03/06 12:33:33 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2012/03/03 23:19:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\.minecraft [6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/25 10:41:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/03/25 10:20:14 | 000,000,280 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-527237240-839522115-1003.job [2012/03/25 10:20:13 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl [2012/03/25 10:20:13 | 000,000,288 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-527237240-839522115-1003.job [2012/03/25 10:20:02 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/03/25 10:20:01 | 000,000,266 | ---- | M] () -- H:\WINDOWS\tasks\AutoKMS.job [2012/03/25 10:19:53 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat [2012/03/25 09:56:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/03/25 09:56:39 | 000,000,802 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/03/25 09:56:39 | 000,000,784 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/25 09:13:46 | 092,621,341 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/03/25 00:49:56 | 000,278,561 
| ---- | M] () -- H:\Documents and Settings\Family\Desktop\Minecraft.exe [2012/03/24 17:42:36 | 000,113,434 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\shavedmonkeyalien.rns [2012/03/23 18:04:00 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/03/21 14:23:14 | 000,505,612 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat [2012/03/21 14:23:14 | 000,089,332 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat [2012/03/20 22:24:43 | 000,246,024 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\doing it.rns [2012/03/20 12:20:55 | 000,000,616 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\ReCycle.lnk [2012/03/18 17:12:32 | 000,290,434 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/03/18 14:10:47 | 000,262,826 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\the killing mist.rns [2012/03/18 14:09:08 | 000,181,652 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\practicewobble.rns [2012/03/16 14:36:27 | 000,188,633 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache [2012/03/16 14:36:24 | 000,195,586 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache [2012/03/16 14:29:43 | 000,000,036 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache [2012/03/16 07:38:49 | 000,000,327 | RHS- | M] () -- H:\boot.ini [2012/03/15 13:00:10 | 000,046,592 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/15 10:30:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe [2012/03/13 22:04:05 | 000,411,080 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT [2012/03/13 21:52:53 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK [2012/03/12 11:02:39 | 000,008,143 | ---- | M] () -- H:\Documents and 
Settings\Family\Desktop\fishtank.jpg [2012/03/12 07:20:21 | 000,161,968 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\swing chop.1.rns [2012/03/10 10:11:43 | 000,001,039 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/03/09 19:04:37 | 000,001,021 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Google Gold.lnk [2012/03/09 19:00:32 | 000,001,039 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Google Chrome.lnk [2012/03/09 00:01:24 | 000,133,884 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\crazyshit.rns [2012/03/06 15:29:49 | 000,000,668 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2012/03/02 09:07:09 | 000,182,512 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\swing chop.rns [2012/03/01 00:29:44 | 000,208,056 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\hard.1.rns [2012/02/27 00:02:04 | 000,007,260 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\smakit.drp [2012/02/25 18:32:45 | 000,174,150 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\hard.rns [2012/02/24 17:02:41 | 000,265,438 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\begin the nibeg.rns [2012/02/24 17:01:05 | 000,181,822 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\stabacat.1.rns [2012/02/24 11:06:18 | 000,157,288 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\groovydoob.rns [6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/25 09:56:39 | 000,000,802 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/03/25 09:56:39 | 000,000,784 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes 
Anti-Malware.lnk [2012/03/25 00:49:56 | 000,278,561 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Minecraft.exe [2012/03/24 17:42:36 | 000,113,434 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\shavedmonkeyalien.rns [2012/03/20 12:20:55 | 000,000,616 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\ReCycle.lnk [2012/03/19 22:43:26 | 000,246,024 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\doing it.rns [2012/03/16 14:36:27 | 000,188,633 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache [2012/03/16 14:36:24 | 000,195,586 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache [2012/03/16 14:29:43 | 000,000,036 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache [2012/03/16 07:38:49 | 000,000,210 | ---- | C] () -- H:\Boot.bak [2012/03/16 07:38:46 | 000,260,272 | RHS- | C] () -- H:\cmldr [2012/03/16 07:35:59 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe [2012/03/16 07:35:59 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe [2012/03/16 07:35:59 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe [2012/03/16 07:35:59 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe [2012/03/16 07:35:59 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe [2012/03/12 11:02:51 | 000,008,143 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\fishtank.jpg [2012/03/10 10:11:43 | 000,001,039 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/03/09 19:04:18 | 000,001,021 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Google Gold.lnk [2012/03/09 00:26:15 | 000,262,826 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\the killing mist.rns [2012/03/06 15:29:49 | 000,000,668 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick 
Launch\BitTorrent.lnk [2012/03/06 12:37:37 | 000,001,039 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Google Chrome.lnk [2012/03/02 10:56:21 | 000,181,652 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\practicewobble.rns [2012/03/02 10:14:01 | 000,161,968 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\swing chop.1.rns [2012/03/01 00:42:20 | 000,182,512 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\swing chop.rns [2012/02/27 00:04:54 | 000,133,884 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\crazyshit.rns [2012/02/27 00:02:04 | 000,007,260 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\smakit.drp [2012/02/25 18:32:51 | 000,208,056 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\hard.1.rns [2012/02/24 20:10:50 | 000,174,150 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\hard.rns [2012/02/15 19:48:01 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll [2012/02/14 13:47:00 | 000,331,263 | ---- | C] () -- H:\WINDOWS\LOOP.exe [2011/09/01 15:27:54 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\prvlcl.dat [2011/08/04 17:58:40 | 000,000,564 | ---- | C] () -- H:\WINDOWS\link32.INI [2011/07/11 15:18:32 | 000,002,528 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\$_hpcst$.hpc [2011/05/20 07:12:04 | 000,000,059 | ---- | C] () -- H:\WINDOWS\ANS2000.INI [2011/05/20 07:12:04 | 000,000,020 | -H-- | C] () -- H:\WINDOWS\akebook.ini [2011/05/20 07:12:04 | 000,000,004 | -H-- | C] () -- H:\WINDOWS\a3kebook.ini [2011/02/28 13:25:30 | 000,053,299 | ---- | C] () -- H:\WINDOWS\System32\pthreadVC.dll [2011/02/11 22:11:08 | 000,048,588 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat [2011/02/03 11:51:41 | 000,046,592 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/05 00:18:14 | 000,000,376 | 
---- | C] () -- H:\WINDOWS\ODBC.INI [2010/12/30 12:08:00 | 000,000,129 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat [2010/12/30 11:56:05 | 000,112,410 | ---- | C] () -- H:\WINDOWS\hpoins07.dat [2010/12/30 11:56:05 | 000,021,124 | ---- | C] () -- H:\WINDOWS\hpomdl07.dat [2010/12/28 13:18:32 | 000,000,090 | ---- | C] () -- H:\WINDOWS\QBChanUtil_Trigger.ini [2010/12/28 08:46:38 | 000,204,800 | ---- | C] () -- H:\WINDOWS\System32\igfxCoIn_v4820.dll [2010/12/28 08:34:30 | 000,049,152 | ---- | C] () -- H:\WINDOWS\System32\ChCfg.exe [2010/12/27 16:28:52 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat [2010/12/27 16:24:54 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat [2010/12/27 11:13:49 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI [2010/12/27 11:12:49 | 000,411,080 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT [2010/06/06 10:20:02 | 000,065,344 | ---- | C] () -- H:\WINDOWS\System32\PDFreDirectMonNT.dll ========== LOP Check ========== [2011/07/27 20:35:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Autodesk [2011/11/08 23:41:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG2012 [2010/12/28 13:18:31 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files [2012/03/25 09:13:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData [2010/12/28 13:18:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Nuance [2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PDF reDirect [2012/02/14 13:48:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Propellerhead Software [2010/12/28 13:24:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\SQL Anywhere 11 [2011/01/05 09:00:07 | 000,000,000 | 
---D | M] -- H:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon [2011/01/05 08:55:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Western Digital [2010/12/29 08:43:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/01/11 21:19:05 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756} [2011/01/12 07:14:46 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{C5A0D307-9319-4B00-9734-C0F4B0454A7B} [2012/03/25 00:50:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\.minecraft [2011/07/27 20:43:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Autodesk [2011/11/08 23:32:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\AVG2012 [2012/03/14 09:18:16 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\BitTorrent [2011/10/20 10:13:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\ChessBase [2011/01/23 23:13:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\dtband [2011/08/18 22:04:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoft [2011/03/13 22:00:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoftIEHelpers [2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\NetMedia Providers [2010/12/30 11:43:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\OpenOffice.org [2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PDF reDirect [2011/12/27 12:57:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PhotoScape [2012/02/14 13:48:23 
| 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Propellerhead Software [2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Publish Providers [2011/01/23 23:13:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\somototoolbar [2010/12/28 14:24:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Sony [2010/12/29 01:05:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Unity [2012/03/06 15:25:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\uTorrent [2011/01/05 08:55:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Western Digital [2012/03/25 10:20:01 | 000,000,266 | ---- | M] () -- H:\WINDOWS\Tasks\AutoKMS.job ========== Purity Check ========== < End of report >