heybabyzr0

Honorary Members
  • Posts

    63

Everything posted by heybabyzr0

  1. Gringo, I am having one more problem this morning. Twice the computer has frozen and I get a popup saying Dr. Watson has encountered a problem postmortem. The computer then freezes and I must reboot.
  2. Gringo, I have run the cleaners. Thank you for all your help in restoring my computer. Justin
  3. EST Scan results are attached in this post since the last post had html markup. I've no idea why the html showed up in the post. EST.txt
  4. EST Scan Log:

     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP633\A0203750.exe    Win32/OpenCandy application
     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP651\A0206918.exe    Win32/DownloadAdmin.D application
     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP656\A0209375.dll    a variant of Win32/Toolbar.CrossRider.A application
     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP656\A0209409.exe    a variant of Win32/OpenInstall application
     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP658\A0209831.exe    Win32/Toolbar.CrossRider.B application
  5. No issues running any of the programs this time. The computer speed, audio, and video seem to be ok. Boot up time is still very slow but, this is an old computer. The browser I use, Chrome, still looks "different." Yesterday sites using Java would not load or would load very slowly. After following your instruction in the above post, those sites seem to be loading better.
  7. I ran the new script in Combo Fix. The program still froze up. I tried twice and gave it 1.5 hours to work but still nothing but a frozen program.
  8. I tried running ComboFix using the script provided twice. Both times the program froze up. I did not click anything with the mouse once the program started and I disabled the antivirus program.
  9. OK, The boot up was a bit faster. The browser in Chrome looks different. Audio and Video are playing back fine. My anti-virus, AVG, popped up saying it detected a threat called ACS.EXE. I did not take any action. Justin
  10. Sorry. I really don't know what happened in my last post. Here is the OTL Report:
<div>O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced 
Control)</div> <div>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)</div> <div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)</div> <div>O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)</div> <div>O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div> <div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div> <div>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</div> <div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div> <div>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</div> <div>O24 - Desktop Components:0 () - </div> <div>O24 - Desktop WallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div> <div>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div> <div>O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)</div> <div>O32 - HKLM CDRom: AutoRun - 1</div> <div>O34 - HKLM BootExecute: (autocheck autochk *)</div> <div>O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)</div> <div>O35 - HKLM\..comfile [open] -- "%1" %*</div> <div>O35 - HKLM\..exefile [open] -- "%1" %*</div> <div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div> <div>O37 - HKLM\...exe [@ = exefile] -- 
"%1" %*</div> <div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div> <div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div> <div> </div> <div>========== Files/Folders - Created Within 30 Days ==========</div> <div> </div> <div>[2012/11/30 23:40:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div> <div>[2012/11/30 16:26:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div> <div>[2012/11/30 16:25:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div> <div>[2012/11/29 14:05:03 | 005,009,014 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div> <div>[2012/11/28 22:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\RK_Quarantine</div> <div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro</div> <div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Start Menu\Programs\HiJackThis</div> <div>[2012/11/27 19:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PdaNet for Android</div> <div>[2012/11/27 12:32:35 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div> <div>[2012/11/27 12:32:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div> <div>[2012/11/27 12:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div> <div>[2012/11/27 12:31:55 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div> <div>[2012/11/27 12:31:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div> <div>[2012/11/25 14:08:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div> <div>[2012/11/25 14:07:02 | 
000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div> <div>[2012/11/24 23:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97</div> <div>[2012/11/24 22:52:58 | 018,734,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div> <div>[2012/11/22 08:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared</div> <div>[2012/11/22 08:03:27 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div> <div>[2012/11/22 08:02:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div> <div>[2012/11/22 08:02:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div> <div>[2012/11/22 08:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks</div> <div>[2012/11/22 08:02:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div> <div>[2012/11/17 06:09:07 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe</div> <div>[2012/11/17 06:09:07 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\alcrmv.exe</div> <div>[2012/11/15 12:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\Safer Networking</div> <div>[2012/11/15 12:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking</div> <div>[2012/11/15 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking</div> <div>[2012/11/14 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\AVG2013</div> <div>[2012/11/14 15:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG</div> <div>[2012/11/14 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG</div> <div>[2012/11/13 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Local Settings\Application Data\Avg2013</div> <div>[2012/11/13 04:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner</div> <div>[2012/11/13 03:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\New Folder</div> <div>[2012/11/11 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy</div> <div>[2012/11/01 11:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\Justin</div> <div>[2008/03/18 05:07:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) 
-- C:\Program Files\RngInterstitial.dll</div> <div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div> <div> </div> <div>========== Files - Modified Within 30 Days ==========</div> <div> </div> <div>[2012/11/30 23:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div> <div>[2012/11/30 23:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job</div> <div>[2012/11/30 21:59:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div> <div>[2012/11/30 21:57:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job</div> <div>[2012/11/30 21:57:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div> <div>[2012/11/30 21:57:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div> <div>[2012/11/30 21:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div> <div>[2012/11/30 21:56:53 | 1475,399,680 | -HS- | M] () -- C:\hiberfil.sys</div> <div>[2012/11/30 21:53:57 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div> <div>[2012/11/30 19:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts</div> <div>[2012/11/30 19:05:22 | 000,005,525 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div> <div>[2012/11/30 18:18:57 | 000,033,244 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div> <div>[2012/11/30 18:04:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div> <div>[2012/11/30 16:32:06 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Google Chrome.lnk</div> <div>[2012/11/30 16:27:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div> <div>[2012/11/30 16:25:46 | 002,213,976 | ---- | M] 
(Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div> <div>[2012/11/30 15:36:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div> <div>[2012/11/30 14:44:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div> <div>[2012/11/30 14:25:14 | 044,431,717 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div> <div>[2012/11/29 23:11:06 | 000,101,455 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div> <div>[2012/11/29 14:53:17 | 005,009,014 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div> <div>[2012/11/29 02:11:50 | 030,479,732 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001.flv</div> <div>[2012/11/28 21:52:32 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div> <div>[2012/11/28 21:52:12 | 000,480,125 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div> <div>[2012/11/28 21:51:19 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div> <div>[2012/11/28 21:42:52 | 000,002,162 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div> <div>[2012/11/28 17:55:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div> <div>[2012/11/27 19:31:38 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div> <div>[2012/11/27 16:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div> <div>[2012/11/27 12:30:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div> <div>[2012/11/27 12:30:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div> 
<div>[2012/11/27 12:30:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div> <div>[2012/11/27 12:30:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div> <div>[2012/11/27 12:30:32 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div> <div>[2012/11/27 12:30:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll</div> <div>[2012/11/27 12:30:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll</div> <div>[2012/11/25 14:10:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div> <div>[2012/11/25 14:08:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div> <div>[2012/11/24 23:00:13 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div> <div>[2012/11/22 21:30:06 | 000,083,710 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div> <div>[2012/11/22 09:46:02 | 002,296,926 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div> <div>[2012/11/22 09:43:21 | 000,668,484 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div> <div>[2012/11/22 09:34:17 | 004,560,896 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div> <div>[2012/11/22 08:05:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div> <div>[2012/11/22 08:03:27 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div> <div>[2012/11/22 08:02:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div> <div>[2012/11/22 08:02:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5032.dll</div> <div>[2012/11/22 08:02:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div> <div>[2012/11/20 14:51:26 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div> <div>[2012/11/17 04:38:07 | 000,095,719 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div> <div>[2012/11/14 15:52:11 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div> <div>[2012/11/13 19:22:31 | 002,423,582 | ---- | M] () -- C:\Documents and Settings\Just\My Documents\AutoRuns.arn</div> <div>[2012/11/11 18:44:27 | 000,000,354 | RHS- | M] () -- C:\boot.ini</div> <div>[2012/11/11 02:41:31 | 000,529,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</div> <div>[2012/11/11 02:41:30 | 000,103,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</div> <div>[2012/11/06 00:16:31 | 249,116,964 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div> <div>[2012/11/04 16:05:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div> <div>[2012/11/03 14:47:12 | 000,132,737 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div> <div>[2012/11/03 14:40:39 | 000,350,297 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div> <div>[2012/11/01 15:40:08 | 000,030,954 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div> <div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div> <div> </div> <div>========== Files Created - No Company Name ==========</div> <div> </div> <div>[2012/11/30 21:54:00 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div> <div>[2012/11/30 19:05:42 | 000,005,525 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div> <div>[2012/11/30 18:19:12 | 000,033,244 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div> 
<div>[2012/11/30 14:39:08 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div> <div>[2012/11/30 14:09:30 | 044,431,717 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div> <div>[2012/11/29 23:11:15 | 000,101,455 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div> <div>[2012/11/29 01:57:06 | 030,479,732 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001.flv</div> <div>[2012/11/28 21:52:21 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div> <div>[2012/11/28 21:52:02 | 000,480,125 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div> <div>[2012/11/28 21:51:00 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div> <div>[2012/11/28 21:42:55 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div> <div>[2012/11/28 20:17:16 | 1475,399,680 | -HS- | C] () -- C:\hiberfil.sys</div> <div>[2012/11/28 17:54:04 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div> <div>[2012/11/27 19:31:38 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div> <div>[2012/11/25 16:00:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div> <div>[2012/11/22 21:29:56 | 000,083,710 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div> <div>[2012/11/22 09:45:04 | 002,296,926 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div> <div>[2012/11/22 09:42:46 | 000,668,484 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div> <div>[2012/11/22 09:33:09 | 004,560,896 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div> <div>[2012/11/22 08:05:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All 
Users\Desktop\RealPlayer.lnk</div> <div>[2012/11/17 04:38:20 | 000,095,719 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div> <div>[2012/11/14 15:52:11 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div> <div>[2012/11/13 04:20:48 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div> <div>[2012/11/05 22:09:22 | 249,116,964 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div> <div>[2012/11/04 16:05:04 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div> <div>[2012/11/04 16:04:49 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk</div> <div>[2012/11/04 16:04:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk</div> <div>[2012/11/04 16:04:46 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk</div> <div>[2012/11/03 15:33:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk</div> <div>[2012/11/03 14:47:03 | 000,132,737 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div> <div>[2012/11/03 14:40:39 | 000,350,297 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div> <div>[2012/11/01 15:40:06 | 000,030,954 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div> <div>[2012/10/29 14:03:54 | 053,863,379 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload</div> <div>[2012/10/29 14:03:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload.aamd</div> <div>[2012/03/29 15:01:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Just\Local 
Settings\Application Data\WebpageIcons.db</div> <div>[2012/02/14 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</div> <div>[2011/12/07 00:04:27 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll</div> <div>[2011/12/06 23:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat</div> <div>[2011/11/02 07:58:48 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys</div> <div>[2011/10/30 06:13:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe</div> <div>[2011/07/21 16:23:16 | 000,081,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat</div> <div>[2011/06/18 17:14:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll</div> <div>[2011/06/18 17:14:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys</div> <div>[2011/06/18 17:13:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\$_hpcst$.hpc</div> <div>[2011/06/08 22:01:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\fusioncache.dat</div> <div>[2011/05/25 02:45:29 | 000,000,393 | ---- | C] () -- C:\WINDOWS\AITOOLS.INI</div> <div>[2011/04/29 22:46:25 | 000,000,456 | ---- | C] () -- C:\Program Files\0429201123462546.bat</div> <div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68</div> <div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68</div> <div>[2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat</div> <div>[2011/04/02 12:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzacujekafiyaci.bin</div> <div>[2010/12/11 19:51:44 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll</div> <div>[2010/12/11 19:51:44 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll</div> <div>[2010/12/11 19:51:44 | 000,017,920 | ---- | C] () -- 
C:\WINDOWS\System32\videocore.dll</div> <div>[2010/12/11 19:51:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll</div> <div>[2010/12/11 19:51:43 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll</div> <div>[2010/12/11 19:51:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll</div> <div>[2010/12/11 19:51:39 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll</div> <div>[2010/12/11 19:36:34 | 000,762,368 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll</div> <div>[2010/12/09 15:23:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</div> <div>[2010/12/09 15:23:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</div> <div>[2010/12/09 15:23:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</div> <div>[2010/12/09 15:23:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</div> <div>[2010/12/09 15:23:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</div> <div>[2010/11/18 19:37:53 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\start</div> <div>[2010/09/18 12:00:24 | 002,638,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-342708476-2127193123-2648729015-1316-0.dat</div> <div>[2010/09/18 12:00:22 | 000,385,146 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat</div> <div>[2010/01/31 06:11:24 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div> <div>[2009/05/19 17:26:10 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat</div> <div> </div> <div>========== ZeroAccess Check ==========</div> <div> </div> <div>[2003/12/02 15:15:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</div> <div> </div> 
<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div> <div> </div> <div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div> <div>"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)</div> <div>"ThreadingModel" = Apartment</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div> <div>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</div> <div>"ThreadingModel" = Free</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div> <div>"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)</div> <div>"ThreadingModel" = Both</div> <div> </div> <div>< End of report ></div>
  11. OTL Report:
<div>DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing
Communications Assoc., Inc. (PCAUSA))</div> <div>DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div> <div>DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)</div> <div>DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)</div> <div>DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)</div> <div>DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))</div> <div>DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)</div> <div>DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)</div> <div>DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)</div> <div>DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)</div> <div>DRV - (EPOWER) -- C:\WINDOWS\system32\drivers\hkdrv.sys (Compal Electronic Inc.)</div> <div>DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)</div> <div>DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)</div> <div>DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)</div> <div>DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)</div> <div>DRV - (ECioctl) -- C:\WINDOWS\system32\drivers\ECioctl.sys (TOSHIBA )</div> <div>DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)</div> <div>DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)</div> <div>DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)</div> <div>DRV - (SrvcEPIOMngr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)</div> <div>DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)</div> <div>DRV - 
(AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)</div> <div>DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)</div> <div>DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)</div> <div>DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)</div> <div>DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)</div> <div>DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)</div> <div>DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )</div> <div>DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()</div> <div>DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)</div> <div>DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)</div> <div>DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)</div> <div>DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)</div> <div>DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS (SMC)</div> <div> </div> <div> </div> <div>========== Standard Registry (SafeList) ==========</div> <div> </div> <div> </div> <div>========== Internet Explorer ==========</div> <div> </div> <div>IE - HKLM\..\SearchScopes,DefaultScope = </div> <div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div> <div> </div> <div> </div> <div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div> <div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = http://toshibadirect.com/</div> <div>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </div> <div>IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div> <div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div> <div>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </div> <div>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes,DefaultScope = </div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202189F814AE5A53F23152857BD60&q={searchTerms}</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4192031A-6069-4FCE-96EB-85CAB8FF0237}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4B42AEAD-4FCA-4A4A-8971-5F67DF6CD34D}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}</div> <div>IE - 
HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={25330A0F-1AFF-40EB-9CDD-7C39B26B1797}&mid=b11d2286b1c447d0a80dd1d9d053aeab-eb14df7d87ec26bb2309bd26fddc922cfb7869fd&lang=en&ds=dw011&pr=sa&d=2012-04-06 02:54:53&v=10.2.0.3&sap=dsp&q={searchTerms}</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</div> <div> </div> <div>========== FireFox ==========</div> <div> </div> <div>FF - prefs.js..browser.search.defaultenginename: "bing"</div> <div>FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"</div> <div>FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"</div> <div>FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"</div> <div>FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"</div> <div>FF - prefs.js..browser.search.useDBForOrder: true</div> <div>FF - prefs.js..browser.startup.homepage: "www.yahoo.com"</div> <div>FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1</div> <div>FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704</div> <div>FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0</div> <div>FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5</div> <div>FF - prefs.js..extensions.enabledAddons: webrank-toolbar@probcomp.com:4.0</div> 
<div>FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10</div> <div>FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div> <div>FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6</div> <div>FF - prefs.js..extensions.enabledItems: killjasmin@pierros14.com:2.3</div> <div>FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323</div> <div>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0</div> <div>FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:4.0.1C</div> <div>FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1</div> <div>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</div> <div>FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div> <div>FF - prefs.js..network.proxy.ftp: "84.25.123.69"</div> <div>FF - prefs.js..network.proxy.ftp_port: 8080</div> <div>FF - prefs.js..network.proxy.gopher: "84.25.123.69"</div> <div>FF - prefs.js..network.proxy.gopher_port: 8080</div> <div>FF - prefs.js..network.proxy.socks: "84.25.123.69"</div> <div>FF - prefs.js..network.proxy.socks_port: 8080</div> <div>FF - prefs.js..network.proxy.ssl: "84.25.123.69"</div> <div>FF - prefs.js..network.proxy.ssl_port: 8080</div> <div>FF - prefs.js..network.proxy.http: "127.0.0.1"</div> <div>FF - prefs.js..network.proxy.http_port: 61333</div> <div>FF - prefs.js..network.proxy.type: 1</div> <div> </div> <div> </div> <div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()</div> <div>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD 
Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</div> <div>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</div> <div>FF - 
HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found</div> <div>FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found</div> <div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div> <div> </div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div> <div> </div> <div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions</div> <div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and 
Settings\Just\Application Data\Mozilla\Extensions\home2@tomtom.com</div> <div>[2010/02/22 23:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\mozswing@mozswing.org</div> <div>[2012/04/20 02:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions</div> <div>[2010/05/13 04:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}</div> <div>[2012/04/20 02:35:42 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}</div> <div>[2011/07/09 04:15:10 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}</div> <div>[2011/08/19 06:59:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}</div> <div>[2011/09/18 03:33:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}</div> <div>[2012/11/13 00:54:46 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com</div> <div>[2011/10/22 11:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com</div> <div>[2011/02/27 16:12:01 | 
000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\tineye@ideeinc.com</div> <div>[2012/11/13 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode</div> <div>[2011/08/27 21:57:12 | 000,045,689 | ---- | M] () (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\webrank-toolbar@probcomp.com.xpi</div> <div>[2010/06/20 22:25:45 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\bing.xml</div> <div>[2010/01/20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml</div> <div>[2012/11/22 08:04:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT</div> <div>[2011/04/18 21:04:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF</div> <div> </div> <div>========== Chrome ==========</div> <div> </div> <div>CHR - default_search_provider: Google (Enabled)</div> <div>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</div> <div>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</div> <div>CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer</div> <div>CHR - 
plugin: Native Client (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll</div> <div>CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll</div> <div>CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll</div> <div>CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll</div> <div>CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll</div> <div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</div> <div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll</div> <div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll</div> <div>CHR - plugin: Windows Media Player 
Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll</div> <div>CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</div> <div>CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</div> <div>CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll</div> <div>CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll</div> <div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll</div> <div>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll</div> <div>CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll</div> <div>CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll</div> <div>CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</div> <div>CHR - plugin: Shockwave for Director (Disabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll</div> <div>CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll</div> <div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll</div> <div>CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll</div> <div>CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\</div> <div>CHR - Extension: AdBlock = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.48_0\</div> <div> </div> <div>O1 HOSTS File: ([2012/11/30 19:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</div> <div>O1 - Hosts: 127.0.0.1 localhost</div> <div>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)</div> <div>O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)</div> <div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div> <div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div> <div>O3 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.</div> <div>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div> <div>O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div> <div>O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div> <div>O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)</div> <div>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)</div> <div>O4 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div> <div>O4 - Startup: 
C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div> <div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</div> <div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div> <div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present</div> <div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div> <div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div> <div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div> <div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div> <div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present</div> <div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div> <div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div> <div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div> <div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div> <div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present</div> <div>O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 23:40:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe
[2012/11/30 16:26:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe
[2012/11/30 16:25:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe
[2012/11/29 14:05:03 | 005,009,014 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe
[2012/11/28 22:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\RK_Quarantine
[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Start Menu\Programs\HiJackThis
[2012/11/27 19:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PdaNet for Android
[2012/11/27 12:32:35 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/11/27 12:32:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/11/27 12:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/11/27 12:31:55 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/11/27 12:31:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/11/25 14:08:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe
[2012/11/25 14:07:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com
[2012/11/24 23:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2012/11/24 22:52:58 | 018,734,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe
[2012/11/22 08:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/11/22 08:03:27 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/11/22 08:02:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/11/22 08:02:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/11/22 08:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/11/22 08:02:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/11/17 06:09:07 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2012/11/17 06:09:07 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2012/11/15 12:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\Safer Networking
[2012/11/15 12:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking
[2012/11/15 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2012/11/14 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\AVG2013
[2012/11/14 15:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/11/14 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/11/13 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Local Settings\Application Data\Avg2013
[2012/11/13 04:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2012/11/13 03:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\New Folder
[2012/11/11 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/01 11:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\Justin
[2008/03/18 05:07:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/30 23:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe
[2012/11/30 23:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job
[2012/11/30 21:59:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/30 21:57:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job
[2012/11/30 21:57:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job
[2012/11/30 21:57:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job
[2012/11/30 21:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/30 21:56:53 | 1475,399,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 21:53:57 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs
[2012/11/30 19:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/30 19:05:22 | 000,005,525 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg
[2012/11/30 18:18:57 | 000,033,244 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\costco.jpg
[2012/11/30 18:04:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\MBR.dat
[2012/11/30 16:32:06 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Google Chrome.lnk
[2012/11/30 16:27:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe
[2012/11/30 16:25:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe
[2012/11/30 15:36:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job
[2012/11/30 14:44:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job
[2012/11/30 14:25:14 | 044,431,717 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv
[2012/11/29 23:11:06 | 000,101,455 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg
[2012/11/29 14:53:17 | 005,009,014 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe
[2012/11/29 02:11:50 | 030,479,732 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001.flv
[2012/11/28 21:52:32 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe
[2012/11/28 21:52:12 | 000,480,125 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe
[2012/11/28 21:51:19 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe
[2012/11/28 21:42:52 | 000,002,162 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\1.jpg
[2012/11/28 17:55:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk
[2012/11/27 19:31:38 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2012/11/27 16:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job
[2012/11/27 12:30:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/11/27 12:30:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/11/27 12:30:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/11/27 12:30:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/11/27 12:30:32 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/11/27 12:30:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/11/27 12:30:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/25 14:10:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe
[2012/11/25 14:08:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com
[2012/11/24 23:00:13 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe
[2012/11/22 21:30:06 | 000,083,710 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg
[2012/11/22 09:46:02 | 002,296,926 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv
[2012/11/22 09:43:21 | 000,668,484 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv
[2012/11/22 09:34:17 | 004,560,896 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg
[2012/11/22 08:05:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/11/22 08:03:27 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/11/22 08:02:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/11/22 08:02:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/11/22 08:02:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/11/20 14:51:26 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2012/11/17 04:38:07 | 000,095,719 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg
[2012/11/14 15:52:11 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/11/13 19:22:31 | 002,423,582 | ---- | M] () -- C:\Documents and Settings\Just\My Documents\AutoRuns.arn
[2012/11/11 18:44:27 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2012/11/11 02:41:31 | 000,529,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/11 02:41:30 | 000,103,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/06 00:16:31 | 249,116,964 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi
[2012/11/04 16:05:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk
[2012/11/03 14:47:12 | 000,132,737 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf
[2012/11/03 14:40:39 | 000,350,297 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf
[2012/11/01 15:40:08 | 000,030,954 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/30 21:54:00 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs
[2012/11/30 19:05:42 | 000,005,525 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg
[2012/11/30 18:19:12 | 000,033,244 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\costco.jpg
[2012/11/30 14:39:08 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job
[2012/11/30 14:09:30 | 044,431,717 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv
[2012/11/29 23:11:15 | 000,101,455 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg
[2012/11/29 01:57:06 | 030,479,732 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001.flv
[2012/11/28 21:52:21 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe
[2012/11/28 21:52:02 | 000,480,125 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe
[2012/11/28 21:51:00 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe
[2012/11/28 21:42:55 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\1.jpg
[2012/11/28 20:17:16 | 1475,399,680 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/28 17:54:04 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk
[2012/11/27 19:31:38 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2012/11/25 16:00:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\MBR.dat
[2012/11/22 21:29:56 | 000,083,710 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg
[2012/11/22 09:45:04 | 002,296,926 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv
[2012/11/22 09:42:46 | 000,668,484 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv
[2012/11/22 09:33:09 | 004,560,896 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg
[2012/11/22 08:05:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/11/17 04:38:20 | 000,095,719 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg
[2012/11/14 15:52:11 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/11/13 04:20:48 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2012/11/05 22:09:22 | 249,116,964 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi
[2012/11/04 16:05:04 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk
[2012/11/04 16:04:49 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/11/04 16:04:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/11/04 16:04:46 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/11/03 15:33:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/11/03 14:47:03 | 000,132,737 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf
[2012/11/03 14:40:39 | 000,350,297 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf
[2012/11/01 15:40:06 | 000,030,954 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png
[2012/10/29 14:03:54 | 053,863,379 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload
[2012/10/29 14:03:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload.aamd
[2012/03/29 15:01:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\WebpageIcons.db
[2012/02/14 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/07 00:04:27 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2011/12/06 23:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/11/02 07:58:48 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys
[2011/10/30 06:13:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011/07/21 16:23:16 | 000,081,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/18 17:14:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/06/18 17:14:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/06/18 17:13:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\$_hpcst$.hpc
[2011/06/08 22:01:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\fusioncache.dat
[2011/05/25 02:45:29 | 000,000,393 | ---- | C] () -- C:\WINDOWS\AITOOLS.INI
[2011/04/29 22:46:25 | 000,000,456 | ---- | C] () -- C:\Program Files\0429201123462546.bat
[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68
[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68
[2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat
[2011/04/02 12:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzacujekafiyaci.bin
[2010/12/11 19:51:44 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2010/12/11 19:51:44 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2010/12/11 19:51:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2010/12/11 19:51:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2010/12/11 19:51:43 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2010/12/11 19:51:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/11 19:51:39 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2010/12/11 19:36:34 | 000,762,368 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll
[2010/12/09 15:23:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/09 15:23:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/09 15:23:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/09 15:23:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/09 15:23:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/18 19:37:53 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\start
[2010/09/18 12:00:24 | 002,638,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-342708476-2127193123-2648729015-1316-0.dat
[2010/09/18 12:00:22 | 000,385,146 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/01/31 06:11:24 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/19 17:26:10 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat

========== ZeroAccess Check ==========

[2003/12/02 15:15:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  12. OK, followed your instructions. After reboot, the loading process is still painfully slow. Once everything got loaded, programs open faster. There have not been any video or audio problems!
  13. Computer is still running slow. Audio and video are also still choppy.
  14. ComboFix 12-11-29.02 - Just 11/30/2012 19:28:59.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.877 [GMT -6:00]
Running from: c:\documents and settings\Just\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\18472756
c:\documents and settings\All Users\Application Data\19521332
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Just\Application Data\Adobe\plugs
c:\documents and settings\Just\Application Data\Adobe\shed
c:\documents and settings\Just\Application Data\Love
c:\documents and settings\Just\Application Data\Love\mari0\options.txt
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome.manifest
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome\content\overlay.xul
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\install.rdf
c:\documents and settings\Just\WINDOWS
c:\program files\LP
c:\windows\AutoRun.ini
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\9da7a57257febd31.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-11-28 23:54 . 2012-11-28 23:54	388096	----a-r-	c:\documents and settings\Just\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-28 23:54 . 2012-11-28 23:54	--------	d-----w-	c:\program files\Trend Micro
2012-11-27 18:32 . 2012-11-27 18:30	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-11-27 18:31 . 2012-11-27 18:30	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-11-25 05:04 . 2012-11-25 05:05	--------	d-----w-	c:\program files\Realtek AC97
2012-11-22 14:04 . 2012-11-22 14:04	--------	d-----w-	c:\program files\Common Files\xing shared
2012-11-17 12:09 . 2006-07-31 17:27	217088	----a-w-	c:\windows\alcrmv.exe
2012-11-17 12:09 . 2006-07-31 17:19	315392	----a-w-	c:\windows\alcupd.exe
2012-11-15 18:09 . 2012-11-15 18:09	--------	d-----w-	c:\documents and settings\Just\Application Data\Safer Networking
2012-11-15 18:08 . 2012-11-15 18:08	--------	d-----w-	c:\program files\Safer Networking
2012-11-15 00:43 . 2012-11-15 00:43	--------	d-----w-	c:\documents and settings\Just\Application Data\AVG2013
2012-11-14 21:44 . 2012-11-14 21:44	--------	d-----w-	c:\program files\AVG
2012-11-13 12:43 . 2012-11-15 04:50	--------	d-----w-	c:\documents and settings\Just\Local Settings\Application Data\Avg2013
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-27 18:30 . 2012-07-15 02:16	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-27 18:30 . 2010-12-16 01:08	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-22 14:02 . 2006-07-11 23:35	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-10-22 19:02 . 2012-10-22 19:02	179936	----a-w-	c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 09:48 . 2012-10-15 09:48	55776	----a-w-	c:\windows\system32\drivers\avgidshx.sys
2012-10-05 09:32 . 2012-10-05 09:32	93536	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 09:30 . 2012-10-02 09:30	159712	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2012-09-30 00:54 . 2012-03-31 20:49	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-21 09:46 . 2012-09-21 09:46	164832	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2012-09-21 09:46 . 2012-09-21 09:46	177376	----a-w-	c:\windows\system32\drivers\avglogx.sys
2012-09-21 09:45 . 2012-09-21 09:45	19936	----a-w-	c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 09:05 . 2012-09-14 09:05	35552	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2011-04-30 04:46 . 2011-04-30 04:46	456	----a-w-	c:\program files\0429201123462546.bat
2008-03-18 11:06 . 2008-03-18 11:07	774144	-c--a-w-	c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-31 192512]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 638976]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 135168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-22 296096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Just\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-11-22 484976]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ 	autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NPSStartup"=
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
<div>"c:\\Program Files\\Common 
Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=</div> <div>.</div> <div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]</div> <div>"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4</div> <div>"27910:TCP"= 27910:TCP:UFO AI</div> <div>.</div> <div>R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]</div> <div>R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]</div> <div>R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]</div> <div>R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]</div> <div>R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]</div> <div>R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]</div> <div>R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]</div> <div>R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [5/6/2004 2:40 PM 4816]</div> <div>R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]</div> <div>R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/6/2012 9:00 PM 399432]</div> <div>R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/19/2011 7:18 AM 148520]</div> <div>R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/31/2012 2:49 PM 22856]</div> <div>R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [9/11/2012 6:28 PM 13440]</div> <div>S2 AVGIDSAgent;AVGIDSAgent;c:\program 
files\AVG\AVG2013\avgidsagent.exe [11/6/2012 7:00 PM 5814392]</div> <div>S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/31/2012 2:49 PM 676936]</div> <div>S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\drivers\CT_U_USBSER.sys [8/18/2012 8:09 PM 106496]</div> <div>S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/18/2012 4:04 AM 42592]</div> <div>S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [8/24/2012 2:28 AM 45608]</div> <div>S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [11/2/2011 7:58 AM 404256]</div> <div>S4 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]</div> <div>S4 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6/18/2011 5:14 PM 36608]</div> <div>S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]</div> <div>S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]</div> <div>S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]</div> <div>S4 UDisk Monitor;UDisk Monitor;c:\program files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [8/18/2012 8:09 PM 512000]</div> <div>S4 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [10/13/2009 5:01 PM 52888]</div> <div>.</div> <div>--- Other Services/Drivers In Memory ---</div> <div>.</div> <div>*NewlyCreated* - 19560129</div> <div>*Deregistered* - 19560129</div> <div>*Deregistered* - aswMBR</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</div> <div>HPZ12<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span 
class="Apple-tab-span" style="white-space:pre"> </span>Pml Driver HPZ12 Net Driver HPZ12</div> <div>hpdevmgmt<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>hpqcxs08 hpqddsvc</div> <div>.</div> <div>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs</div> <div>KLOGNT</div> <div>DM9102</div> <div>w800mdfl</div> <div>DevUpper</div> <div>scramby</div> <div>adobeactivefilemonitor4.0</div> <div>nv4</div> <div>acprfmgrsvc</div> <div>IOSLINK</div> <div>oracledbconsoleorcl</div> <div>MA8032C</div> <div>.</div> <div>Contents of the 'Scheduled Tasks' folder</div> <div>.</div> <div>2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]</div> <div>.</div> <div>2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]</div> <div>.</div> <div>2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div> <div>- c:\documents and settings\Just\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 17:32]</div> <div>.</div> <div>2012-11-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div> <div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]</div> <div>.</div> <div>2012-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div> <div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]</div> <div>.</div> <div>2012-11-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div> <div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]</div> <div>.</div> <div>2012-11-27 
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div> <div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]</div> <div>.</div> <div>2012-09-30 c:\windows\Tasks\ReclaimerResumeInstall_Just.job</div> <div>- c:\documents and settings\Just\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-30 22:23]</div> <div>.</div> <div>.</div> <div>------- Supplementary Scan -------</div> <div>.</div> <div>uStart Page = www.yahoo.com</div> <div>uInternet Settings,ProxyOverride = *.local</div> <div>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000</div> <div>.</div> <div>.</div> <div>------- File Associations -------</div> <div>.</div> <div>regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1</div> <div>.txt=</div> <div>.</div> <div>- - - - ORPHANS REMOVED - - - -</div> <div>.</div> <div>URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)</div> <div>WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)</div> <div>SafeBoot-80275046.sys</div> <div>SafeBoot-87008857.sys</div> <div>SafeBoot-94267917.sys</div> <div>SafeBoot-klmdb.sys</div> <div>SafeBoot-WinDefend</div> <div>.</div> <div>.</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div> <div>Rootkit scan 2012-11-30 19:53</div> <div>Windows 5.1.2600 Service Pack 3 NTFS</div> <div>.</div> <div>scanning hidden processes ... </div> <div>.</div> <div>scanning hidden autostart entries ... </div> <div>.</div> <div>scanning hidden files ... 
</div> <div>.</div> <div>scan completed successfully</div> <div>hidden files: 0</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div> <div> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\</div> <div>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div> <div> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\</div> <div>.</div> <div>--------------------- DLLs Loaded Under Running Processes ---------------------</div> <div>.</div> <div>- - - - - - - > 'winlogon.exe'(1068)</div> <div>c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll</div> <div>.</div> <div>Completion time: 2012-11-30 19:59:06</div> <div>ComboFix-quarantined-files.txt 2012-12-01 01:59</div> <div>.</div> <div>Pre-Run: 8,098,377,728 bytes free</div> <div>Post-Run: 9,064,124,416 bytes free</div> <div>.</div> <div>- - End Of File - - B73DAE9CCAA09511CAC0233572641D04</div> <div> </div>
  15. This time, ComboFix worked.
This is the report:

ComboFix 12-11-29.02 - Just 11/30/2012 19:28:59.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.877 [GMT -6:00]
Running from: c:\documents and settings\Just\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\18472756
c:\documents and settings\All Users\Application Data\19521332
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Just\Application Data\Adobe\plugs
c:\documents and settings\Just\Application Data\Adobe\shed
c:\documents and settings\Just\Application Data\Love
c:\documents and settings\Just\Application Data\Love\mari0\options.txt
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome.manifest
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome\content\overlay.xul
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\install.rdf
c:\documents and settings\Just\WINDOWS
c:\program files\LP
c:\windows\AutoRun.ini
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\9da7a57257febd31.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-11-28 23:54 . 2012-11-28 23:54 388096 ----a-r- c:\documents and settings\Just\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-28 23:54 . 2012-11-28 23:54 -------- d-----w- c:\program files\Trend Micro
2012-11-27 18:32 . 2012-11-27 18:30 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-27 18:31 . 2012-11-27 18:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-25 05:04 . 2012-11-25 05:05 -------- d-----w- c:\program files\Realtek AC97
2012-11-22 14:04 . 2012-11-22 14:04 -------- d-----w- c:\program files\Common Files\xing shared
2012-11-17 12:09 . 2006-07-31 17:27 217088 ----a-w- c:\windows\alcrmv.exe
2012-11-17 12:09 . 2006-07-31 17:19 315392 ----a-w- c:\windows\alcupd.exe
2012-11-15 18:09 . 2012-11-15 18:09 -------- d-----w- c:\documents and settings\Just\Application Data\Safer Networking
2012-11-15 18:08 . 2012-11-15 18:08 -------- d-----w- c:\program files\Safer Networking
2012-11-15 00:43 . 2012-11-15 00:43 -------- d-----w- c:\documents and settings\Just\Application Data\AVG2013
2012-11-14 21:44 . 2012-11-14 21:44 -------- d-----w- c:\program files\AVG
2012-11-13 12:43 . 2012-11-15 04:50 -------- d-----w- c:\documents and settings\Just\Local Settings\Application Data\Avg2013
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-27 18:30 . 2012-07-15 02:16 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-27 18:30 . 2010-12-16 01:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-22 14:02 . 2006-07-11 23:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-10-22 19:02 . 2012-10-22 19:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 09:48 . 2012-10-15 09:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-05 09:32 . 2012-10-05 09:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 09:30 . 2012-10-02 09:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-30 00:54 . 2012-03-31 20:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 09:46 . 2012-09-21 09:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 09:46 . 2012-09-21 09:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 09:45 . 2012-09-21 09:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 09:05 . 2012-09-14 09:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-04-30 04:46 . 2011-04-30 04:46 456 ----a-w- c:\program files\0429201123462546.bat
2008-03-18 11:06 . 2008-03-18 11:07 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-31 192512]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 638976]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 135168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-22 296096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Just\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-11-22 484976]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ  autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NPSStartup"=
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"27910:TCP"= 27910:TCP:UFO AI
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [5/6/2004 2:40 PM 4816]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/6/2012 9:00 PM 399432]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/19/2011 7:18 AM 148520]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/31/2012 2:49 PM 22856]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [9/11/2012 6:28 PM 13440]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/6/2012 7:00 PM 5814392]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/31/2012 2:49 PM 676936]
S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\drivers\CT_U_USBSER.sys [8/18/2012 8:09 PM 106496]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/18/2012 4:04 AM 42592]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [8/24/2012 2:28 AM 45608]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [11/2/2011 7:58 AM 404256]
S4 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]
S4 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6/18/2011 5:14 PM 36608]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]
S4 UDisk Monitor;UDisk Monitor;c:\program files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [8/18/2012 8:09 PM 512000]
S4 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [10/13/2009 5:01 PM 52888]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19560129
*Deregistered* - 19560129
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
KLOGNT
DM9102
w800mdfl
DevUpper
scramby
adobeactivefilemonitor4.0
nv4
acprfmgrsvc
IOSLINK
oracledbconsoleorcl
MA8032C
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job
- c:\documents and settings\Just\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 17:32]
.
2012-11-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-09-30 c:\windows\Tasks\ReclaimerResumeInstall_Just.job
- c:\documents and settings\Just\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-30 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-80275046.sys
SafeBoot-87008857.sys
SafeBoot-94267917.sys
SafeBoot-klmdb.sys
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-30 19:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
<div>scanning hidden files ... 
</div> <div>.</div> <div>scan completed successfully</div> <div>hidden files: 0</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div> <div> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\</div> <div>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div> <div> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\</div> <div>.</div> <div>--------------------- DLLs Loaded Under Running Processes ---------------------</div> <div>.</div> <div>- - - - - - - > 'winlogon.exe'(1068)</div> <div>c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll</div> <div>.</div> <div>Completion time: 2012-11-30 19:59:06</div> <div>ComboFix-quarantined-files.txt 2012-12-01 01:59</div> <div>.</div> <div>Pre-Run: 8,098,377,728 bytes free</div> <div>Post-Run: 9,064,124,416 bytes free</div> <div>.</div> <div>- - End Of File - - B73DAE9CCAA09511CAC0233572641D04</div> <div> </div>
  16. TDSS Report:
16:28:14.0890 4732 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:28:16.0500 4732 ============================================================
16:28:16.0500 4732 Current date / time: 2012/11/30 16:28:16.0500
16:28:16.0500 4732 SystemInfo:
16:28:16.0500 4732
16:28:16.0515 4732 OS Version: 5.1.2600 ServicePack: 3.0
16:28:16.0515 4732 Product type: Workstation
16:28:16.0515 4732 ComputerName: TOSHIBA-USER
16:28:16.0515 4732 UserName: Just
16:28:16.0515 4732 Windows directory: C:\WINDOWS
16:28:16.0515 4732 System windows directory: C:\WINDOWS
16:28:16.0515 4732 Processor architecture: Intel x86
16:28:16.0515 4732 Number of processors: 2
16:28:16.0515 4732 Page size: 0x1000
16:28:16.0515 4732 Boot type: Normal boot
16:28:16.0515 4732 ============================================================
16:28:42.0890 4732 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:28:43.0343 4732 ============================================================
16:28:43.0375 4732 \Device\Harddisk0\DR0:
16:28:43.0812 4732 MBR partitions:
16:28:43.0812 4732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
16:28:43.0812 4732 ============================================================
16:28:46.0343 4732 C: <-> \Device\Harddisk0\DR0\Partition1
16:28:46.0343 4732 ============================================================
16:28:46.0343 4732 Initialize success
16:28:46.0343 4732 ============================================================
16:28:57.0890 9232 ============================================================
16:28:57.0890 9232 Scan started
16:28:57.0890 9232 Mode: Manual;
16:28:57.0890 9232 ============================================================
16:29:50.0968 9232 ================ Scan system memory ========================
16:29:50.0968 9232 System memory - ok
Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:32:44.0625 9232 Rasl2tp - ok 16:32:44.0859 9232 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 16:32:45.0015 9232 RasMan - ok 16:32:45.0078 9232 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:32:45.0109 9232 RasPppoe - ok 16:32:45.0234 9232 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 16:32:45.0250 9232 Raspti - ok 16:32:45.0453 9232 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:32:45.0640 9232 Rdbss - ok 16:32:45.0781 9232 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:32:45.0828 9232 RDPCDD - ok 16:32:46.0234 9232 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 16:32:46.0578 9232 RDPWD - ok 16:32:46.0843 9232 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 16:32:47.0109 9232 RDSessMgr - ok 16:32:47.0234 9232 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 16:32:47.0281 9232 redbook - ok 16:32:47.0421 9232 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 16:32:47.0484 9232 RemoteAccess - ok 16:32:47.0593 9232 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe 16:32:47.0656 9232 RpcLocator - ok 16:32:47.0968 9232 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll 16:32:47.0984 9232 RpcSs - ok 16:32:48.0265 9232 [ FEDD2710B75BE3ECF078ADACE790C423 ] RsFx0102 C:\WINDOWS\system32\DRIVERS\RsFx0102.sys 16:32:48.0437 9232 RsFx0102 - ok 16:32:48.0578 9232 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe 16:32:48.0671 9232 RSVP - ok 16:32:48.0781 9232 [ 29F9879A1FD386F7251AE9FDADB2CBF1 ] RTL8023 C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys 16:32:48.0843 9232 RTL8023 - ok 16:32:49.0031 9232 [ CF84B1F0E8B14D4120AAF9CF35CBB265 ] RTL8023xp 
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 16:32:49.0140 9232 RTL8023xp - ok 16:32:49.0234 9232 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 16:32:49.0250 9232 rtl8139 - ok 16:32:49.0281 9232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 16:32:49.0296 9232 SamSs - ok 16:32:49.0390 9232 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 16:32:49.0453 9232 SCardSvr - ok 16:32:49.0625 9232 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 16:32:49.0765 9232 Schedule - ok 16:32:49.0828 9232 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:32:49.0875 9232 Secdrv - ok 16:32:49.0921 9232 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 16:32:49.0937 9232 seclogon - ok 16:32:49.0984 9232 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 16:32:50.0015 9232 SENS - ok 16:32:50.0093 9232 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 16:32:50.0140 9232 Serial - ok 16:32:50.0656 9232 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 16:32:52.0062 9232 ServiceLayer - ok 16:32:52.0187 9232 [ 56250672235BBE54BA8A4963B1AC997C ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys 16:32:52.0218 9232 sfdrv01 - ok 16:32:52.0281 9232 [ 3AD2B15CCC03FEBFBAF5FF057822AA75 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys 16:32:52.0281 9232 sfhlp02 - ok 16:32:52.0343 9232 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 16:32:52.0359 9232 Sfloppy - ok 16:32:52.0390 9232 [ 798D918D8F20380008277CE3CE5319D1 ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys 16:32:52.0406 9232 sfsync02 - ok 16:32:52.0671 9232 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 16:32:52.0921 9232 SharedAccess - ok 16:32:53.0046 9232 [ 
99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 16:32:53.0046 9232 ShellHWDetection - ok 16:32:53.0062 9232 Simbad - ok 16:32:53.0093 9232 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 16:32:53.0093 9232 SLIP - ok 16:32:53.0171 9232 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys 16:32:53.0203 9232 SMCIRDA - ok 16:32:53.0234 9232 Sparrow - ok 16:32:53.0281 9232 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 16:32:53.0281 9232 splitter - ok 16:32:53.0390 9232 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 16:32:53.0421 9232 Spooler - ok 16:32:53.0703 9232 [ EB2FD937449B7ACEB39372F875EB8E78 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 16:32:53.0984 9232 SQLAgent$SQLEXPRESS - ok 16:32:54.0062 9232 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 16:32:54.0109 9232 sr - ok 16:32:54.0250 9232 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 16:32:54.0375 9232 srservice - ok 16:32:54.0687 9232 [ 3EED76A0C1412F52860F7E7EAB5AECCA ] SRS_AE_Service C:\WINDOWS\system32\drivers\SRS_AE_i386.sys 16:32:55.0000 9232 SRS_AE_Service - ok 16:32:55.0234 9232 [ 25ECEA986742275ECB23A1CB6BC87A61 ] SRS_SSCFilter C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys 16:32:55.0515 9232 SRS_SSCFilter - ok 16:32:55.0796 9232 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 16:32:56.0078 9232 Srv - ok 16:32:56.0250 9232 [ 2024A857CC3351662655EE32B60254A1 ] SrvcEKIOMngr C:\WINDOWS\system32\Drivers\EKIoMngr.sys 16:32:57.0421 9232 SrvcEKIOMngr - ok 16:32:57.0515 9232 [ DDAC6148D760D3854CAE2409D4046D07 ] SrvcEPIOMngr C:\WINDOWS\system32\Drivers\EPIoMngr.sys 16:32:57.0796 9232 SrvcEPIOMngr - ok 16:32:57.0906 9232 [ BB30A993E1CD2C74B9160B82F95AA3EA ] SrvcSSIOMngr 
C:\WINDOWS\system32\Drivers\SSIoMngr.sys 16:32:58.0296 9232 SrvcSSIOMngr - ok 16:32:58.0453 9232 [ 0C2FE008042012CD24FCDCEDC7EC8832 ] SrvcTPIOMngr C:\WINDOWS\system32\Drivers\TPIoMngr.sys 16:32:58.0656 9232 SrvcTPIOMngr - ok 16:32:58.0703 9232 [ 7C0C9BDCA2D351FF3B4F9B69F99AA995 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys 16:32:58.0718 9232 sscdbhk5 - ok 16:32:58.0796 9232 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 16:32:58.0859 9232 SSDPSRV - ok 16:32:58.0921 9232 [ A2BE8FBFA987E95D70CFED0E2DACDA6D ] SSKBFD C:\WINDOWS\system32\Drivers\sskbfd.sys 16:32:59.0000 9232 SSKBFD - ok 16:32:59.0062 9232 [ 31726706D54894D5059F7471111A87BB ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys 16:32:59.0078 9232 ssrtln - ok 16:32:59.0343 9232 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 16:32:59.0562 9232 stisvc - ok 16:32:59.0625 9232 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 16:32:59.0640 9232 streamip - ok 16:32:59.0703 9232 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 16:32:59.0703 9232 swenum - ok 16:32:59.0765 9232 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 16:32:59.0812 9232 swmidi - ok 16:32:59.0828 9232 SwPrv - ok 16:32:59.0984 9232 [ 74E8543A4647A53A26788D5ED3C2172F ] Swupdtmr c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe 16:33:00.0187 9232 Swupdtmr - ok 16:33:00.0218 9232 symc810 - ok 16:33:00.0234 9232 symc8xx - ok 16:33:00.0250 9232 sym_hi - ok 16:33:00.0265 9232 sym_u3 - ok 16:33:00.0328 9232 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 16:33:00.0375 9232 sysaudio - ok 16:33:00.0468 9232 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 16:33:00.0531 9232 SysmonLog - ok 16:33:00.0609 9232 [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys 16:33:00.0937 9232 tap0901 - ok 
16:33:01.0250 9232 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 16:33:01.0421 9232 TapiSrv - ok 16:33:01.0484 9232 [ EECA2B57545E7B7BE949B5E70E31444F ] TBiosDrv C:\WINDOWS\System32\drivers\TBiosDrv.sys 16:33:01.0734 9232 TBiosDrv - ok 16:33:02.0140 9232 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:33:02.0390 9232 Tcpip - ok 16:33:02.0453 9232 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 16:33:02.0468 9232 TDPIPE - ok 16:33:02.0515 9232 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 16:33:02.0531 9232 TDTCP - ok 16:33:02.0593 9232 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 16:33:02.0625 9232 TermDD - ok 16:33:02.0843 9232 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 16:33:03.0046 9232 TermService - ok 16:33:03.0156 9232 [ E269D9FEDFC0F56A247CAD1A63796520 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys 16:33:03.0171 9232 tfsnboio - ok 16:33:03.0234 9232 [ 3C1E664EFE8A77A39BD6C75D5A528F71 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys 16:33:03.0265 9232 tfsncofs - ok 16:33:03.0296 9232 [ D31218FF783E87796FF6FC08947B7B1A ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys 16:33:03.0296 9232 tfsndrct - ok 16:33:03.0312 9232 [ 2C6BB69577142532CA2D500EB9F13D33 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys 16:33:03.0328 9232 tfsndres - ok 16:33:03.0406 9232 [ E426978F51AF4A6A35570ECED8D1E1F3 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys 16:33:03.0468 9232 tfsnifs - ok 16:33:03.0500 9232 [ 38C8E56FA7E82C977507C1FDCBF3A294 ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys 16:33:03.0515 9232 tfsnopio - ok 16:33:03.0531 9232 [ AE9E9BF9BDE115D1B343A2E520450B4E ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys 16:33:03.0546 9232 tfsnpool - ok 16:33:03.0640 9232 [ 1CD2D88DD844D77E7B3DA0CEF4108EA1 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys 16:33:03.0703 9232 tfsnudf - 
ok 16:33:03.0812 9232 [ D992C38EC8E99729C02179932D16A700 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys 16:33:03.0875 9232 tfsnudfa - ok 16:33:04.0015 9232 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 16:33:04.0015 9232 Themes - ok 16:33:04.0062 9232 TosIde - ok 16:33:04.0187 9232 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 16:33:04.0250 9232 TrkWks - ok 16:33:04.0328 9232 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 16:33:04.0375 9232 Udfs - ok 16:33:04.0765 9232 [ 54A4A93A984E5C30B5CAB9257A0A05BF ] UDisk Monitor C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe 16:33:05.0953 9232 UDisk Monitor - ok 16:33:05.0968 9232 ultra - ok 16:33:06.0390 9232 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 16:33:06.0640 9232 Update - ok 16:33:06.0828 9232 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 16:33:06.0968 9232 upnphost - ok 16:33:07.0015 9232 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 16:33:07.0031 9232 UPS - ok 16:33:07.0125 9232 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:33:07.0156 9232 usbccgp - ok 16:33:07.0203 9232 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:33:07.0234 9232 usbehci - ok 16:33:07.0296 9232 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:33:07.0343 9232 usbhub - ok 16:33:07.0375 9232 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 16:33:07.0390 9232 usbohci - ok 16:33:07.0437 9232 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 16:33:07.0468 9232 usbprint - ok 16:33:07.0500 9232 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 16:33:07.0515 9232 usbscan - ok 16:33:07.0562 9232 [ A32426D9B14A089EAA1D922E0C5801A9 ] 
USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:33:07.0578 9232 USBSTOR - ok 16:33:07.0656 9232 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 16:33:07.0703 9232 usbuhci - ok 16:33:07.0734 9232 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 16:33:07.0750 9232 VgaSave - ok 16:33:07.0765 9232 ViaIde - ok 16:33:07.0890 9232 [ 00046AA2E396EDC2238556E740A8E5AF ] viamraid C:\WINDOWS\system32\DRIVERS\viamraid.sys 16:33:07.0984 9232 viamraid - ok 16:33:08.0062 9232 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 16:33:08.0109 9232 VolSnap - ok 16:33:08.0265 9232 [ 4775579D1AE9C881A6F2F7739858E7CD ] VRAID Log Service C:\Program Files\VIA\RAID\vialogsv.exe 16:33:08.0312 9232 VRAID Log Service - ok 16:33:08.0531 9232 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 16:33:08.0734 9232 VSS - ok 16:33:08.0890 9232 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 16:33:09.0015 9232 W32Time - ok 16:33:09.0093 9232 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:33:09.0125 9232 Wanarp - ok 16:33:09.0125 9232 wanatw - ok 16:33:09.0468 9232 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 16:33:09.0765 9232 Wdf01000 - ok 16:33:09.0765 9232 WDICA - ok 16:33:09.0859 9232 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 16:33:09.0921 9232 wdmaud - ok 16:33:10.0015 9232 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 16:33:10.0078 9232 WebClient - ok 16:33:10.0406 9232 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 16:33:10.0500 9232 winmgmt - ok 16:33:10.0593 9232 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys 16:33:10.0625 9232 WinUSB - ok 16:33:10.0687 9232 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN 
C:\WINDOWS\system32\MsPMSNSv.dll 16:33:10.0703 9232 WmdmPmSN - ok 16:33:10.0843 9232 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 16:33:10.0921 9232 WmiApSrv - ok 16:33:11.0640 9232 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:33:12.0328 9232 WMPNetworkSvc - ok 16:33:13.0093 9232 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:33:13.0593 9232 WPFFontCache_v0400 - ok 16:33:13.0656 9232 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 16:33:13.0671 9232 WS2IFSL - ok 16:33:13.0781 9232 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 16:33:13.0843 9232 wscsvc - ok 16:33:13.0921 9232 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 16:33:13.0937 9232 WSTCODEC - ok 16:33:14.0000 9232 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 16:33:14.0015 9232 wuauserv - ok 16:33:14.0312 9232 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 16:33:14.0500 9232 WudfPf - ok 16:33:14.0593 9232 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 16:33:14.0671 9232 WudfRd - ok 16:33:14.0750 9232 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 16:33:14.0796 9232 WudfSvc - ok 16:33:15.0203 9232 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 16:33:15.0531 9232 WZCSVC - ok 16:33:15.0671 9232 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 16:33:15.0750 9232 xmlprov - ok 16:33:16.0296 9232 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 16:33:16.0750 9232 YahooAUService - ok 16:33:16.0906 9232 ================ Scan global =============================== 16:33:17.0140 9232 [ 
      42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
      16:33:17.0562 9232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
      16:33:17.0984 9232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
      16:33:18.0093 9232 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
      16:33:18.0109 9232 [Global] - ok
      16:33:18.0125 9232 ================ Scan MBR ==================================
      16:33:18.0187 9232 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
      16:33:19.0437 9232 \Device\Harddisk0\DR0 - ok
      16:33:19.0437 9232 ================ Scan VBR ==================================
      16:33:19.0453 9232 [ 3BC193B1A972A5A954ED1F28A6544DCA ] \Device\Harddisk0\DR0\Partition1
      16:33:19.0468 9232 \Device\Harddisk0\DR0\Partition1 - ok
      16:33:19.0468 9232 ============================================================
      16:33:19.0468 9232 Scan finished
      16:33:19.0468 9232 ============================================================
      16:33:19.0500 4224 Detected object count: 0
      16:33:19.0500 4224 Actual detected object count: 0
      aswMBR Report:
      aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
      Run date: 2012-11-30 16:34:37
      -----------------------------
      16:34:37.718 OS Version: Windows 5.1.2600 Service Pack 3
      16:34:37.718 Number of processors: 2 586 0x304
      16:34:37.718 ComputerName: TOSHIBA-USER UserName: Just
      16:34:45.890 Initialize success
      17:01:31.421 AVAST engine defs: 12113001
      17:02:11.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
      17:02:11.578 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
      17:02:11.796 Disk 0 MBR read successfully
      17:02:11.812 Disk 0 MBR scan
      17:02:12.281 Disk 0 Windows XP default MBR code
      17:02:12.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
      17:02:12.687 Disk 0 scanning sectors +117210240
      17:02:13.703 Disk 0 scanning C:\WINDOWS\system32\drivers
      17:03:20.593 Service scanning
      17:05:51.234 Modules scanning
      17:06:24.000 Disk 0 trace - called modules:
      17:06:24.078 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys
      17:06:24.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a64fab8]
      17:06:24.093 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008f[0x8a5f19e8]
      17:06:24.093 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5fa940]
      17:06:24.093 \Driver\atapi[0x8a622f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf7717d60]
      17:06:27.625 AVAST engine scan C:\WINDOWS
      17:07:40.250 AVAST engine scan C:\WINDOWS\system32
      17:32:12.437 AVAST engine scan C:\WINDOWS\system32\drivers
      17:33:25.437 AVAST engine scan C:\Documents and Settings\Just
      18:00:11.593 AVAST engine scan C:\Documents and Settings\All Users
      18:03:16.125 Scan finished successfully
      18:04:37.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Just\Desktop\MBR.dat"
      18:04:37.234 The log file has been saved successfully to "C:\Documents and Settings\Just\Desktop\aswMBR1.txt"
  17. I ran ComboFix. It prompted me to update the program and so I did. However, the program froze and so did my computer. The computer is still running slowly with audio and video problems.
  18. Report from Security Check:
      Results of screen317's Security Check version 0.99.56
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      AVG 2013
      `````````Anti-malware/Other Utilities Check:`````````
      Spybot - Search & Destroy
      Windows Defender
      Malwarebytes Anti-Malware version 1.65.1.1000
      Wise Disk Cleaner 5.93
      SlimCleaner
      Java 7 Update 9
      Adobe Flash Player 11.3.300.257
      Adobe Reader 10.1.4 Adobe Reader out of Date!
      ````````Process Check: objlist.exe by Laurent````````
      AVG avgwdsvc.exe
      AVG avgrsx.exe
      AVG avgnsx.exe
      AVG avgemc.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````
      Report from AdwCleaner:
      # AdwCleaner v2.009 - Logfile created 11/28/2012 at 21:59:00
      # Updated 24/11/2012 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Just - TOSHIBA-USER
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\Just\Desktop\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
      Folder Deleted : C:\Documents and Settings\Just\Application Data\PriceGong
      Folder Deleted : C:\Documents and Settings\Just\Local Settings\Application Data\blekkotb
      Folder Deleted : C:\Documents and Settings\Just\Local Settings\Application Data\Conduit
      Folder Deleted : C:\Program Files\Conduit
      Folder Deleted : C:\Program Files\Trymedia
      ***** [Registry] *****
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\IGearSettings
      Key Deleted : HKCU\Software\PriceGong
      Key Deleted : HKCU\Software\SmartBar
      Key Deleted : HKCU\Software\Zugo
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      Key Deleted : HKLM\SOFTWARE\Software
      Key Deleted : HKLM\Software\Viewpoint
      ***** [internet Browsers] *****
      -\\ Internet Explorer v8.0.6001.18702
      [OK] Registry is clean.
      -\\ Google Chrome v18.0.1025.162
      File : C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[s1].txt - [2320 octets] - [28/11/2012 21:59:00]
      ########## EOF - C:\AdwCleaner[s1].txt - [2380 octets] ##########
      Report from RogueKiller:
      RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Started in : Normal mode
      User : Just [Admin rights]
      Mode : Scan -- Date : 11/28/2012 22:20:34
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 17 ¤¤¤
      [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\18059 (globalroot\systemroot\system32\drivers\18059.sys) -> FOUND
      [services][HJNAME] HKLM\[...]\ControlSet001\Services\mnsframework (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND
      [services][HJNAME] HKLM\[...]\ControlSet001\Services\relational (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND
      [services][ROGUE ST] HKLM\[...]\ControlSet003\Services\18059 (globalroot\systemroot\system32\drivers\18059.sys) -> FOUND
      [services][HJNAME] HKLM\[...]\ControlSet003\Services\mnsframework (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND
      [services][HJNAME] HKLM\[...]\ControlSet003\Services\relational (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND
      [PROXY FF] 7b2u35gy.default\ 127.0.0.1:61333 -> FOUND
      [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
      [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      [Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\Just\Application Data\Adobe\plugs --> FOUND
      [Tr.Karagany][FOLDER] shed : C:\Documents and Settings\Just\Application Data\Adobe\shed --> FOUND
      ¤¤¤ Driver : [LOADED] ¤¤¤
      IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] sfsync02.sys @ 0xF7717D60)
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\WINDOWS\system32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: IC25N060ATMR04-0 +++++
      --- User ---
      [MBR] 9d1bf7d970a1eee6be744f48508c878b
      [bSP] d5d822a81171860c2954de9b8504e2d7 : Windows XP MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1]_S_11282012_02d2220.txt >>
      RKreport[1]_S_11282012_02d2220.txt
  19. About two weeks ago my computer began running very slowly. Audio and video are very choppy. The system as a whole has dramatically slowed down. I have run Malwarebytes, but there is no change in the computer. I tried running DDS in normal startup and in safe mode; however, the computer froze in both modes. I was able to scan with HiJackThis. Below is the log. I am grateful for any help.
      Justin
      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 5:56:20 PM, on 11/28/2012
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\ACS.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AVG\AVG2013\avgwdsvc.exe
      C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\System32\DVDRAMSV.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre7\bin\jqs.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\WINDOWS\system32\mfevtps.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\Program Files\AVG\AVG2013\avgui.exe
      C:\Program Files\Real\RealPlayer\update\realsched.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\PdaNet for Android\PdaNetPC.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Program Files\Real\RealPlayer\RecordingManager.exe
      C:\Program Files\PdaNet for Android\smsagent.exe
      C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\DivX\DivX Update\DivXUpdate.exe
      C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
      O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
      O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
      O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
      O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-21-342708476-2127193123-2648729015-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')
      O4 - HKUS\S-1-5-21-342708476-2127193123-2648729015-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - AutorunsDisabled - (no file)
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
      O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O22 - 
SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. 
- C:\WINDOWS\system32\mfevtps.exe O23 - Service: Rupsd (mnsframework) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Si3114r5 (relational) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 10021 bytes
  20. I uninstalled UTorrent. I ran combo fix. During the scan, I received two different pop-ups. One stated that Rootkit "Zero Access" was found. The other simply said that a rootkit was detected. Combo Fix ran for about ten minutes before freezing. In the distant past I had been instructed to run combo fix. I had the same problem with the program freezing and freezing my computer.
  21. Here are the items you requested: Malwarebytes' Anti Malware log, Uninstall list, New HiJackThis Log. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.03.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 :: TOSHIBA-USER [administrator] 4/2/2012 11:44:54 PM mbam-log-2012-04-02 (23-44-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 254759 Time elapsed: 12 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) µTorrent 2Wire Wireless Client 32 Bit HP CIO Components Installer Acrobat.com Adobe AIR Adobe AIR Adobe Anchor Service CS3 Adobe Anchor Service CS4 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge CS4 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS3 Adobe Device Central CS4 Adobe Dreamweaver CS3 Adobe Dreamweaver CS3 Adobe Drive CS4 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS3 Adobe Extension Manager CS4 Adobe Flash Player 11 ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS4 Adobe Media Player Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Reader X (10.1.1) Adobe Search
for Help Adobe Service Manager Extension Adobe Setup Adobe Setup Adobe Shockwave Player 11.6 Adobe Type Support CS4 Adobe Update Manager CS3 Adobe Update Manager CS4 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB ALPS Touch Pad Driver Apple Application Support Apple Mobile Device Support Apple Software Update AT&T Connection Services Manager Atheros Client Utility Atheros Wireless LAN MiniPCI card Driver ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver ATT-PRT22 AviSynth 2.5 Bonjour CD/DVD Drive Acoustic Silencer Connect DivX Setup DVD-RAM Driver FileZilla Client 3.4.0 Google Update Helper HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2633952) HP Customer Participation Program 9.0 HP Image Zone 4.7 HP Imaging Device Functions 9.0 HP OCR Software 9.0 HP Photosmart All-In-One Software 9.0 HP Photosmart Essential 2.01 HP Product Assistant HP PSC & OfficeJet 4.7 HP Solution Center 9.0 HP Update iTunes Java 6 Update 29 Java 7 Java SE Development Kit 7 JDownloader 0.9 kuler Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft ASP.NET MVC 2 Microsoft Automated Troubleshooting Services Shim Microsoft Choice Guard Microsoft Help Viewer 1.0 Microsoft Help Viewer 1.0 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2007 Service Pack 3 (SP3) 
Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Edition 2003 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server Compact 3.5 SP1 Design Tools English Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 MSVC80_x86 MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 and SOAP Toolkit 3.0 MSXML 6 Service Pack 2 (KB954459) Mysteryville NetBeans IDE 7.0.1 Notebook Maximizer PC Connectivity Solution PDF Settings CS4 Photoshop Camera Raw QuickTime RarZilla Free Unrar RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek AC'97 Audio Realtek Fast Ethernet Adapter Driver RealUpgrade 1.1 Ringtone Maker 1.6 Roxio Burn Engine Samsung New PC Studio Samsung New PC Studio SamsungConnectivityCableDriver SBC Yahoo! DSL Home Networking Installer Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 
(KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923789) Segoe UI SimCity 2000® Special Edition Sonic DLA Spybot - Search & Destroy Sql Server Customer Experience Improvement Program Suite Shared Configuration CS4 Super Collapse 3 SUPERAntiSpyware swMSM TBS WMP Plug-in TOSHIBA Access TOSHIBA 
ConfigFree TOSHIBA Console TOSHIBA Fax Extension TOSHIBA Hotkey Utility TOSHIBA PC Diagnostic Tool TOSHIBA Power Management Utility Toshiba Registration TOSHIBA Software Modem TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 Toshiba Tbiosdrv Driver Touch and Launch TouchPad On/Off Utility Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Word 2007 Help (KB963665) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB982664) Update for Windows XP (KB2641690) VC 9.0 Runtime VC80CRTRedist - 8.0.50727.4053 VIA Platform Device Manager Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Windows Defender Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Messenger Windows Live Photo Gallery Windows Media Format 11 runtime Windows Media Player 11 Wise Disk Cleaner 5.93 Yahoo! Install Manager Yahoo! 
Software Update Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:38:20 AM, on 4/3/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ACS.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Just\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [CeEKEY] "C:\Program 
Files\TOSHIBA\E-KEY\CeEKey.exe" O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [dnb system restore] %TEMP%\sgvtbs.exe O4 - HKCU\..\Run: [divxupdater] %TEMP%\rvfktc.exe O4 - HKCU\..\Run: [Media Streamer] %TEMP%\tgbssm.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: 
START_PAGE_URL=http://www.toshiba.com O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. 
- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: Rupsd (mnsframework) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Si3114r5 (relational) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9650 bytes
  22. Currently most of the programs under the start menu are missing. This is an older computer that has been infected in the past. I'm hoping to make this computer last a bit longer until I can get a new one. The program DDS.scr would not download. DDS.com did download but froze the computer while running. This is the "Hijackthis" log. Any help is very much needed. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:32:46 PM, on 3/31/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ACS.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Kaspersky
Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dnb system restore] %TEMP%\sgvtbs.exe
O4 - HKCU\..\Run: [divxupdater] %TEMP%\rvfktc.exe
O4 - HKCU\..\Run: [Media Streamer] %TEMP%\tgbssm.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Rupsd (mnsframework) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Si3114r5 (relational) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11418 bytes
  23. Yes, Malwarebytes is running in normal mode.