Fcvolunteer Posted March 28, 2012 ID:538110

I noticed redirects for Google search results, and when I did image results I was only being shown the top two rows of results. I did a scan with Malwarebytes with both the quick scan and full scan and the results are "no malicious items were detected".

Now I can't even open a new browser window without getting the error "this webpage is not available". I know my internet connection is working though. I have streaming music that is still playing, I just can't go to any new sites. (I'm posting this from a different computer :-) )

I was following instructions I found on 2-viruses.com and I did steps 1-5, checking the hosts, DNS settings, proxy settings, and IE add-ons. When I got to #6 I rescanned with Malwarebytes and still got nothing. Then I downloaded and scanned with Spyware Doctor from PC Tools and it found:

Trojan.Fake.Alert (4 infections)
- Registry Key: HKEY_USERS\S-1-5-18\Software\avsoft
- Registry Value to be Repaired:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit
  HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt
  HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden
Trackware.Tracking Cookies!rem (1 infections)
- Browser Cookie: content, yieldmanager.com/ content.yieldmanager.com
Application.TrackingCookies (21 infections)
Adware.DiscoveryLive!rem (1 infections)
Spyware.Known_Bad_Sites (1 infections)
RogueAntiSpyware.AntivirusSystemPro (43 infections)

I'm also seeing a pop-up window from Internet Explorer (which I didn't open) that says, "The webpage you are viewing is trying to close the window. Do you want to close this window?"

What do I do? I also have Trend Micro Titanium Maximum Security 2012 and their quick and full scans haven't found anything either.
(I hate paying for anti-virus software that doesn't work and I then need to spend more money covering its tracks :-( )

Thanks in advance for any help!
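Two of the items the post says were checked by hand, the hosts file and the Winlogon Userinit value, can be checked consistently with a small script instead of by eye. The following is an added example written for this thread; it is not a tool from the poster, the helper, or any product named above. The search-engine watch list, the sample hosts file and the sample Userinit value are constructed assumptions; the baseline Userinit string is the default for a 32-bit Windows XP install, which is the system in the thread.

```python
"""Offline checks for the hosts file and the Winlogon Userinit value.
Inputs are plain strings; on the affected machine they would be read from
%SystemRoot%\\system32\\drivers\\etc\\hosts and from the Userinit value under
HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon."""
from typing import Dict, List, Tuple

# Names a search-redirect hijack is most likely to override
# (assumption: a short illustrative watch list, extend as needed).
WATCHED_HOSTS = {
    "google.com", "www.google.com",
    "bing.com", "www.bing.com",
    "yahoo.com", "www.yahoo.com", "search.yahoo.com",
}

# Default Userinit value on a 32-bit Windows XP install; the trailing comma is part of it.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"


def hosts_overrides(hosts_text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs for every hosts-file entry that names a watched host.
    A clean hosts file has no entry at all for a search engine, so every hit needs review."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            if name.lower() in WATCHED_HOSTS:
                hits.append((address, name.lower()))
    return hits


def unexpected_userinit_entries(value: str, expected: str = EXPECTED_USERINIT) -> List[str]:
    """Userinit is a comma-separated list of programs started at logon.
    Return every entry that is not part of the expected baseline."""
    baseline = {e.strip().lower() for e in expected.split(",") if e.strip()}
    return [e.strip() for e in value.split(",")
            if e.strip() and e.strip().lower() not in baseline]


def triage(hosts_text: str, userinit_value: str) -> Dict[str, list]:
    """Bundle both checks into one report; empty lists mean nothing was found."""
    return {
        "hosts_overrides": hosts_overrides(hosts_text),
        "unexpected_userinit": unexpected_userinit_entries(userinit_value),
    }


# Constructed sample inputs (not taken from the poster's machine).
SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1       localhost
10.0.0.5        www.google.com   # constructed redirect entry
127.0.0.1       ads.example.net
"""
SAMPLE_USERINIT = r"C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\user\extra.exe"

if __name__ == "__main__":
    print(triage(SAMPLE_HOSTS, SAMPLE_USERINIT))
```

A non-empty list in the report is a prompt to compare the entry against what the machine is expected to carry before anything is changed; if Windows is installed somewhere other than C:\WINDOWS, pass the matching baseline as the `expected` argument.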
Larusso Posted March 30, 2012 ID:538358

Hi, my name is Daniel and I will be assisting you with your malware related problems.

Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Let me look a little bit closer over your system. You can use a USB drive to transfer the tools and the logs I need for review.
- Download DDS and save it to your desktop from here or here.
- Double click dds to run the tool.
- When done, DDS will open two (2) logs: DDS.txt and Attach.txt
- Save both reports to your desktop and post them in your next reply.
Fcvolunteer Posted March 30, 2012 Author ID:538457

Hi Daniel,

Thanks for your response. Here's what has changed since I first posted. I tried to run the dds in safe mode and it kept freezing. I had a deadline I had to meet and I really needed my computer and files, so I contacted our computer person at work who told me to use combofix via flash drive (since I couldn't access the internet on my computer). It also froze and didn't work. Then she told me to try Kaspersky's remover at this link: http://www.bleepingc...sing-tdsskiller. That worked! I now have my computer back and am even using it to reply. I've just run the dds and posted the results below so you can tell me if I'm all clean.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Run by Rochel at 13:10:56 on 2012-03-30
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3061.1588 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logicool\Logicool Vid\vid.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\MamaBargains\MamaBargains\MamaBargains.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\Spoon-Sandbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\Client\Console\0.3.7.8\Spoon-Console.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 5\Asc.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe
C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://chabadnc.org/
uSearch Page = hxxp://www.live.com
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {8854823A-E915-ADFF-BA70-E2C1456C2F56} - No File
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Video Download Toolbar Intercept: {b29002a0-87a1-4dc4-ac55-5982034eb61e} - c:\progra~1\videod~1\VIDEOD~1.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2B171655-A70C-5C18-B693-6CB5DC269D41} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [Logicool Vid] "c:\program files\logicool\logicool vid\vid.exe" -bootmode
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\rochel\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [Akamai NetSession Interface] "c:\documents and settings\rochel\local settings\application data\akamai\netsession_win.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\rochel\startm~1\programs\startup\cnette~1.lnk - c:\documents and settings\rochel\application data\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\docume~1\rochel\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\rochel\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rochel\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\rochel\startm~1\programs\startup\mamaba~1.lnk - c:\program files\mamabargains\mamabargains\MamaBargains.exe
StartupFolder: c:\docume~1\rochel\startm~1\programs\startup\spoons~1.lnk - c:\documents and settings\rochel\local settings\application data\spoon\3.32.2.12\Spoon-Sandbox-Native.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BD92DCD7-91FF-45DA-A8C2-724596A291F2} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rochel\application data\mozilla\firefox\profiles\foef8ybj.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\rochel\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\rochel\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\rochel\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\rochel\local settings\application data\spoon\3.32.2.12\npMozillaSpoonPlugin.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\trend micro\titanium\uiframework\toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-4-16 24064]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-14 13496]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-3-29 68368]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-7 913752]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-3-29 200632]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-14 821080]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-12 47640]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-4-16 176640]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-7-9 31848]
S0 bhyylicz;bhyylicz; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 136176]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 136176]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-7-9 31848]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-2-21 90240]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2010-2-21 14976]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2010-2-21 121856]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-03-30 02:06:09 -------- d-----w- c:\program files\Windows Media Connect 2
2012-03-30 02:04:48 -------- d-----w- c:\windows\system32\LogFiles
2012-03-30 00:56:51 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-03-30 00:56:46 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-03-30 00:56:46 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-03-30 00:56:46 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 00:46:00 -------- d-----w- c:\program files\Trend Micro
2012-03-30 00:06:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 22:01:03 -------- d-sha-r- C:\cmdcons
2012-03-29 21:48:54 -------- d-s---w- C:\ComboFix
2012-03-29 19:11:58 98816 ----a-w- c:\windows\sed.exe
2012-03-29 19:11:58 518144 ----a-w- c:\windows\SWREG.exe
2012-03-29 19:11:58 256000 ----a-w- c:\windows\PEV.exe
2012-03-29 19:11:58 208896 ----a-w- c:\windows\MBR.exe
2012-03-27 23:42:49 -------- d-----w- C:\temp
2012-03-27 20:12:41 -------- d-----w- c:\documents and settings\rochel\local settings\application data\Trend Micro
2012-03-27 20:10:44 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-03-27 20:09:44 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2012-03-27 19:36:33 -------- d-----w- c:\documents and settings\rochel\local settings\application data\Akamai
2012-03-21 22:42:30 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-21 22:42:30 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-02-06 23:42:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 04:40:23 538200 ----a-w- c:\program files\smartdraw_11E_QDO56_setup.exe
2012-01-31 21:57:00 32853760 ----a-w- c:\program files\spoon-plugin-dotnet.exe
2012-01-22 18:42:08 30218224 ----a-w- c:\program files\asc-setup.exe
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-02 00:51:06 15292208 ----a-w- c:\program files\Firefox Setup 9.0.1.exe
2011-12-12 04:22:42 64207032 ----a-w- c:\program files\setup_av_free_cnet.exe
2011-12-08 20:55:12 108 ----a-w- c:\program files\hirtcamp.com
2011-08-19 15:16:26 3089056 ----a-w- c:\program files\install_flash_player.exe
2011-07-24 16:14:49 65981368 ----a-w- c:\program files\AVSVideoConverter.exe
2011-07-24 15:17:47 6062368 ----a-w- c:\program files\video-download-toolbar-setup.exe
2011-07-24 15:08:49 858940 ----a-w- c:\program files\toolbar_setup411.exe
2011-07-24 15:02:39 5153792 ----a-w- c:\program files\YouTubeDownloaderSetup32.exe
2011-07-24 14:40:59 8532623 ----a-w- c:\program files\gfsetup.exe
2011-07-17 19:08:28 14276088 ----a-w- c:\program files\picasa38-setup.exe
2011-06-15 01:46:53 4117040 ----a-w- c:\program files\CNET_TechTracker_2_0_3_59_a_Setup.exe
2011-05-29 21:55:13 56923744 ----a-w- c:\program files\setup_av_free.exe
2011-05-25 23:03:06 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe
2011-05-13 15:48:06 2431520 ----a-w- c:\program files\AdobeDownloadAssistant.exe
2011-04-29 17:06:26 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
2011-04-12 00:54:39 51349520 ----a-w- c:\program files\avira_antivir_personal_en.exe
2011-04-11 20:27:11 5689312 ----a-w- c:\program files\ARO2011_tbt.exe
2011-04-06 17:58:21 80298280 ----a-w- c:\program files\iTunesSetup.exe
2010-11-23 20:48:32 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2010-11-14 04:02:39 2443360 ----a-w- c:\program files\divine-setup.exe
2010-10-04 18:26:50 947592 ----a-w- c:\program files\SkypeSetup.exe
2010-09-28 15:42:01 225672 ----a-w- c:\program files\CrucialScan.exe
2010-09-27 00:53:46 469504 ----a-w- c:\program files\ACTPrinterSetup.exe
2010-09-15 22:39:25 7633259 ----a-w- c:\program files\fmcjsetup.exe
2010-09-15 22:31:20 4585944 ----a-w- c:\program files\mp3-splitter-joiner.exe
2010-09-15 05:02:32 2007072 ----a-w- c:\program files\mp3joiner_setup.exe
2010-07-21 02:42:10 3087086 ----a-w- c:\program files\mp3cutterjoiner.exe
2010-07-21 02:38:11 689560 ----a-w- c:\program files\iobituninstaller.exe
2010-07-19 21:59:01 2411072 ----a-w- c:\program files\MP3Cutter.EXE
2010-07-19 20:52:01 38084600 ----a-w- c:\program files\tunebite.exe
2010-06-24 18:32:11 8587672 ----a-w- c:\program files\Firefox Setup 3.6.4.exe
2010-06-22 18:43:31 32532792 ----a-w- c:\program files\SafariSetup.exe
2010-05-06 20:35:21 562864 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe
2010-04-19 03:01:09 562848 ----a-w- c:\program files\GoogleEarthSetup.exe
2010-04-19 02:08:54 529800 ----a-w- c:\program files\smartdraw_10E_H3HE9_A_setup.exe
2010-04-16 21:47:38 4071176 ----a-w- c:\program files\registrybooster.exe
2010-02-22 02:35:11 82452960 ----a-w- c:\program files\a897_PCStudio.exe
2010-01-08 03:20:15 11029387 ----a-w- c:\program files\aoaaudioextractor.exe
2009-12-02 18:38:58 6599680 ----a-w- c:\program files\DingInstall-1.05.exe
2009-11-10 05:28:41 72946 ----a-w- c:\program files\ears.com
2009-11-02 00:40:48 21785928 ----a-w- c:\program files\cuteftppro.exe
2009-10-30 18:03:32 1505049 ----a-w- c:\program files\Mp3nity_2.1_Setup.exe
2009-10-23 01:01:31 7492592 ----a-w- c:\program files\CoffeeFreeFTPInstaller4.2.exe
2009-09-08 17:35:07 4938616 ----a-w- c:\program files\Silverlight.exe
2009-07-28 04:05:17 1876292 ----a-w- c:\program files\freeripmp3.exe
2009-07-28 03:51:46 2693610 ----a-w- c:\program files\swmsetup.exe
2009-07-28 02:57:43 12154344 ----a-w- c:\program files\SFTPMSI.exe
2009-07-23 15:26:02 7858801 ----a-w- c:\program files\Freeware_PrimoPDF.exe
2009-07-17 16:37:23 3654395 ----a-w- c:\program files\ybkfull.exe
2009-07-10 16:46:12 1234120 ----a-w- c:\program files\wrar380.exe
2009-07-08 19:02:41 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-04-30 23:14:45 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-04-29 17:09:51 63049904 ----a-w- c:\program files\avg_free_stf_en_85_285a1462.exe
2009-04-29 17:04:51 2967800 ----a-w- c:\program files\mbam-setup.exe
2009-04-24 20:49:12 1878888 ----a-w- c:\program files\Adobe Acrobat 9 Pro.lnk.exe
2009-04-24 20:33:09 342437920 ----a-w- c:\program files\AcroPro90_efg.exe
2004-05-25 03:01:46 1155635 ----a-w- c:\program files\EasyScreenCaptureVideo.exe
.
============= FINISH: 13:12:25.26 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/23/2009 9:34:20 PM
System Uptime: 3/29/2012 9:18:58 PM (16 hours ago)
.
Motherboard: Dell Inc. | | 0T656F
Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz | CPU | 2659/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 224.107 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP18: 1/1/2012 2:04:36 AM - System Checkpoint
RP19: 1/2/2012 1:33:43 PM - System Checkpoint
RP20: 1/3/2012 4:44:09 PM - System Checkpoint
RP21: 1/4/2012 7:14:00 PM - System Checkpoint
RP22: 1/8/2012 7:05:32 AM - System Checkpoint
RP23: 1/9/2012 5:44:57 PM - System Checkpoint
RP24: 1/11/2012 3:00:37 AM - Software Distribution Service 3.0
RP25: 1/11/2012 11:32:39 PM - Installed Windows XP KB2585542.
RP26: 1/11/2012 11:33:37 PM - Installed Windows XP KB2632503.
RP27: 1/16/2012 11:35:34 PM - System Checkpoint
RP28: 1/18/2012 3:36:18 AM - System Checkpoint
RP29: 1/19/2012 3:59:07 AM - System Checkpoint
RP30: 1/20/2012 4:17:45 AM - System Checkpoint
RP31: 1/22/2012 8:54:20 AM - System Checkpoint
RP32: 1/23/2012 10:24:10 AM - System Checkpoint
RP33: 1/24/2012 10:34:09 AM - System Checkpoint
RP34: 1/25/2012 4:50:01 PM - System Checkpoint
RP35: 1/27/2012 8:15:30 AM - System Checkpoint
RP36: 1/28/2012 8:34:09 AM - System Checkpoint
RP37: 1/29/2012 8:38:49 AM - System Checkpoint
RP38: 1/30/2012 8:12:39 PM - System Checkpoint
RP39: 2/1/2012 3:39:26 AM - System Checkpoint
RP40: 2/2/2012 12:50:38 AM - IObit Uninstaller restore point
RP41: 2/3/2012 3:01:58 PM - System Checkpoint
RP42: 2/5/2012 2:42:29 AM - System Checkpoint
RP43: 2/6/2012 7:47:52 PM - System Checkpoint
RP44: 2/8/2012 1:22:37 AM - System Checkpoint
RP45: 2/9/2012 8:34:29 AM - System Checkpoint
RP46: 2/10/2012 9:30:34 AM - System Checkpoint
RP47: 2/12/2012 1:42:32 PM - System Checkpoint
RP48: 2/13/2012 4:36:30 PM - System Checkpoint
RP49: 2/14/2012 7:58:01 PM - System Checkpoint
RP50: 2/16/2012 3:00:18 AM - Software Distribution Service 3.0
RP51: 2/17/2012 6:05:41 AM - System Checkpoint
RP52: 2/18/2012 10:34:05 PM - System Checkpoint
RP53: 2/20/2012 4:21:22 AM - System Checkpoint
RP54: 2/21/2012 6:49:17 AM - System Checkpoint
RP55: 2/22/2012 12:25:55 PM - System Checkpoint
RP56: 2/23/2012 2:35:08 PM - System Checkpoint
RP57: 2/24/2012 3:41:11 PM - System Checkpoint
RP58: 2/26/2012 9:50:25 AM - System Checkpoint
RP59: 2/27/2012 11:41:08 AM - System Checkpoint
RP60: 2/28/2012 1:40:23 PM - System Checkpoint
RP61: 3/1/2012 5:01:37 PM - System Checkpoint
RP62: 3/2/2012 5:50:56 PM - System Checkpoint
RP63: 3/3/2012 7:45:21 PM - System Checkpoint
RP64: 3/4/2012 9:08:56 PM - System Checkpoint
RP65: 3/7/2012 1:17:00 PM - System Checkpoint
RP66: 3/8/2012 3:00:44 AM - Software Distribution Service 3.0
RP67: 3/9/2012 1:13:38 PM - System Checkpoint
RP68: 3/11/2012 1:26:12 AM - System Checkpoint
RP69: 3/12/2012 1:43:49 AM - System Checkpoint
RP70: 3/13/2012 1:49:14 AM - System Checkpoint
RP71: 3/14/2012 2:06:23 AM - System Checkpoint
RP72: 3/14/2012 3:00:17 AM - Software Distribution Service 3.0
RP73: 3/20/2012 1:26:56 AM - System Checkpoint
RP74: 3/21/2012 3:36:48 AM - System Checkpoint
RP75: 3/22/2012 8:05:11 AM - System Checkpoint
RP76: 3/23/2012 12:49:24 PM - Installed Adobe Reader X (10.1.2).
RP77: 3/25/2012 6:59:45 AM - System Checkpoint
RP78: 3/26/2012 7:30:53 AM - System Checkpoint
RP79: 3/27/2012 7:56:37 AM - System Checkpoint
RP80: 3/27/2012 3:36:29 PM - Installed Akamai NetSession Interface
RP81: 3/27/2012 3:53:54 PM - avast! Free Antivirus Setup
RP82: 3/28/2012 11:19:06 PM - Restore Operation
RP83: 3/29/2012 10:02:34 AM - Software Distribution Service 3.0
RP84: 3/29/2012 8:45:37 PM - Installed Akamai NetSession Interface
RP85: 3/29/2012 10:02:48 PM - Printer Driver PrimoPDF Installed
RP86: 3/29/2012 10:03:50 PM - Installed Windows Media Player 11
RP87: 3/29/2012 10:04:43 PM - Installed Windows XP Wudf01000.
RP88: 3/29/2012 10:06:38 PM - Installed Windows XP MSCompPackV1.
RP89: 3/30/2012 3:00:19 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Act Printer
ACTPrinter Win Client
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Dreamweaver CS5.5
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Help Viewer CS3
Adobe InDesign CS5.5
Adobe PDF Library Files
Adobe Reader X (10.1.2)
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Widget Browser
Advanced SystemCare 5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Bonjour
Bonjour Print Services
Business Contact Manager for Outlook 2007 SP2
Carbonite
Choice Guard
CNET TechTracker
CoffeeCup Free FTP
Corel VideoStudio 12
CuteFTP 8 Professional
DING!
Dropbox
Focus MP3 Cutter Joiner 3.5
FreeRIP v3.1
Full Tilt Poker
Game Booster
GanttProject
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix
for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB915800-v4)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB953955)Hotfix for Windows XP (KB954434)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB954708)Hotfix for Windows XP (KB958347)Hotfix for Windows XP (KB959252)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Intel® Graphics Media Accelerator DriverIObit Malware FighteriTunesJava™ 6 Update 14Junk Mail filter updateLogicool VidLogicool Webcam SoftwareLogMeInMamaBargainsMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Office 2003 Web ComponentsMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup 
Metadata MUI (English) 2007Microsoft Office Small Business 2007Microsoft Office Small Business 2007 TrialMicrosoft Office Small Business Connectivity ComponentsMicrosoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Software Update for Web Folders (English) 12Microsoft SQL Server 2005Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)Microsoft SQL Server Native ClientMicrosoft SQL Server Setup Support Files (English)Microsoft SQL Server VSS WriterMicrosoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft_VC80_ATL_x86Microsoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_ATL_x86Microsoft_VC90_CRT_x86Microsoft_VC90_MFC_x86Microsoft_VC90_MFCLOC_x86Mozilla Firefox 9.0.1 (x86 en-US)MSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6.0 ParserOGA Notifier 2.0.0048.0PDF Settings CS5Picaboo XPicasa 3PixiePack Codec PackPower MP3 Recorder Cutter v5.2.0.0PowerDVDPrimoPDF -- brought to you by Nitro PDF SoftwareQuickTimeRocketLifeRoxio Activation ModuleRoxio Creator AudioRoxio Creator BDAV PluginRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Drag-to-DiscRoxio Express Labeler 3Roxio Update ManagerSAMSUNG Mobile Modem Driver SetSAMSUNG Mobile Modem V2 SoftwareSamsung New PC StudioSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft 
Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player (KB979402)Security Update for Windows Search 4 - KB963093Security Update for Windows XP 
(KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security 
Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security 
Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB963027)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165-v2)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP 
(KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Segoe UIShape CollageSkype ToolbarsSkype™ 4.2Smart Defrag 2SmartDraw 2012SmartSound Quicktracks PluginSonic CinePlayer Decoder PackSpoon Sandbox Manager 3.32swMSMTrend Micro TitaniumTrend Micro Titanium Maximum Security 2012TunebiteUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2007 suites (KB2596651) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596789) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2597970) 32-Bit EditionUpdate for Microsoft Office Excel 2007 (KB2596596) 32-Bit EditionUpdate for Microsoft Windows (KB971513)Update for Windows Internet Explorer 8 (KB2447568)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows Internet Explorer 8 (KB2632503)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB976749)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2492386)Update for Windows XP (KB2541763)Update for Windows XP 
(KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB898461)Update for Windows XP (KB951618-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Video Download FileBulldog ToolbarVideo Download Toolbar 2.1.0.0VideoStudioWebFldrs XPWindows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Genuine Advantage Notifications (KB905474)Windows Internet Explorer 8Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live MessengerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live ToolbarWindows Live Upload ToolWindows Live WriterWindows Management Framework CoreWindows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 11Windows Presentation FoundationWindows Search 4.0WinRAR archiverXML Paper Specification Shared Components Pack 1.0.==== Event Viewer Messages From Past Week ========.3/29/2012 5:23:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}3/29/2012 2:27:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}3/29/2012 10:35:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm tmactmon tmcomm tmeext tmevtmgr tmtdi3/28/2012 9:34:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%21479424023/28/2012 9:00:15 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.3/28/2012 
9:00:00 PM, error: Schedule [7901] - The At70.job command failed to start due to the following error: %%21479424023/28/2012 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%21479424023/28/2012 8:34:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%21479424023/28/2012 8:34:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%21479424023/28/2012 8:11:29 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).3/28/2012 8:00:00 PM, error: Schedule [7901] - The At69.job command failed to start due to the following error: %%21479424023/28/2012 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%21479424023/28/2012 8:00:00 AM, error: Schedule [7901] - The At57.job command failed to start due to the following error: %%21479424023/28/2012 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%21479424023/28/2012 7:34:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%21479424023/28/2012 7:34:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%21479424023/28/2012 7:00:19 PM, error: Schedule [7901] - The At68.job command failed to start due to the following error: %%21479424023/28/2012 7:00:09 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%21479424023/28/2012 7:00:00 AM, error: Schedule [7901] - The At56.job command failed to start due to the following error: %%21479424023/28/2012 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%21479424023/28/2012 6:34:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%21479424023/28/2012 
6:34:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%21479424023/28/2012 6:00:00 PM, error: Schedule [7901] - The At67.job command failed to start due to the following error: %%21479424023/28/2012 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%21479424023/28/2012 6:00:00 AM, error: Schedule [7901] - The At55.job command failed to start due to the following error: %%21479424023/28/2012 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%21479424023/28/2012 5:34:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%21479424023/28/2012 5:34:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%21479424023/28/2012 5:00:00 PM, error: Schedule [7901] - The At66.job command failed to start due to the following error: %%21479424023/28/2012 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%21479424023/28/2012 5:00:00 AM, error: Schedule [7901] - The At54.job command failed to start due to the following error: %%21479424023/28/2012 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%21479424023/28/2012 4:34:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%21479424023/28/2012 4:34:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%21479424023/28/2012 4:00:00 PM, error: Schedule [7901] - The At65.job command failed to start due to the following error: %%21479424023/28/2012 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%21479424023/28/2012 4:00:00 AM, error: Schedule [7901] - The At53.job command failed to start due to the following error: %%21479424023/28/2012 4:00:00 AM, error: 
Schedule [7901] - The At29.job command failed to start due to the following error: %%21479424023/28/2012 3:34:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%21479424023/28/2012 3:34:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%21479424023/28/2012 3:00:01 PM, error: Schedule [7901] - The At64.job command failed to start due to the following error: %%21479424023/28/2012 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%21479424023/28/2012 3:00:00 AM, error: Schedule [7901] - The At52.job command failed to start due to the following error: %%21479424023/28/2012 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%21479424023/28/2012 2:34:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%21479424023/28/2012 2:34:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%21479424023/28/2012 2:00:00 PM, error: Schedule [7901] - The At63.job command failed to start due to the following error: %%21479424023/28/2012 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%21479424023/28/2012 2:00:00 AM, error: Schedule [7901] - The At51.job command failed to start due to the following error: %%21479424023/28/2012 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%21479424023/28/2012 12:44:00 AM, error: Schedule [7901] - The At49.job command failed to start due to the following error: %%21479424023/28/2012 12:36:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%21479424023/28/2012 12:34:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%21479424023/28/2012 11:29:29 PM, error: Service 
Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.3/28/2012 11:00:02 PM, error: Schedule [7901] - The At72.job command failed to start due to the following error: %%21479424023/28/2012 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%21479424023/28/2012 10:37:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}3/28/2012 10:35:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmactmon tmcomm tmeext tmevtmgr tmtdi WS2IFSL3/28/2012 10:35:54 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.3/28/2012 10:35:54 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.3/28/2012 10:35:54 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.3/28/2012 10:35:54 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.3/28/2012 10:35:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}3/28/2012 10:35:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting 
to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
3/28/2012 10:00:00 PM, error: Schedule [7901] - The At71.job command failed to start due to the following error: %%2147942402
3/28/2012 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
3/28/2012 1:34:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
3/28/2012 1:34:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
3/28/2012 1:00:00 PM, error: Schedule [7901] - The At62.job command failed to start due to the following error: %%2147942402
3/28/2012 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
3/28/2012 1:00:00 AM, error: Schedule [7901] - The At50.job command failed to start due to the following error: %%2147942402
3/28/2012 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
3/27/2012 9:34:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
3/27/2012 9:00:00 AM, error: Schedule [7901] - The At58.job command failed to start due to the following error: %%2147942402
3/27/2012 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
3/27/2012 7:47:51 PM, error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).
3/27/2012 12:00:00 PM, error: Schedule [7901] - The At61.job command failed to start due to the following error: %%2147942402
3/27/2012 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
3/27/2012 11:34:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
3/27/2012 11:34:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
3/27/2012 11:00:00 AM, error: Schedule [7901] - The At60.job command failed to start due to the following error: %%2147942402
3/27/2012 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
3/27/2012 10:34:01 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
3/27/2012 10:34:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
3/27/2012 10:00:00 AM, error: Schedule [7901] - The At59.job command failed to start due to the following error: %%2147942402
3/27/2012 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
3/26/2012 12:34:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================
Larusso Posted March 30, 2012 ID:538486
Hi there, could you please post the TDSSKiller logfile? It can be found in C:\tdsskiller_<date>_<time>.txt
Fcvolunteer Posted March 30, 2012 Author ID:538489
20:03:52.0953 1756 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:03:52.0984 1756 ============================================================
20:03:52.0984 1756 Current date / time: 2012/03/29 20:03:52.0984
20:03:52.0984 1756 SystemInfo:
20:03:52.0984 1756 
20:03:52.0984 1756 OS Version: 5.1.2600 ServicePack: 3.0
20:03:52.0984 1756 Product type: Workstation
20:03:52.0984 1756 ComputerName: ROCHELHOMEPC
20:03:52.0984 1756 UserName: Administrator
20:03:52.0984 1756 Windows directory: C:\WINDOWS
20:03:52.0984 1756 System windows directory: C:\WINDOWS
20:03:52.0984 1756 Processor architecture: Intel x86
20:03:52.0984 1756 Number of processors: 2
20:03:52.0984 1756 Page size: 0x1000
20:03:52.0984 1756 Boot type: Safe boot
20:03:52.0984 1756 ============================================================
20:03:59.0812 1756 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:03:59.0812 1756 Drive \Device\Harddisk1\DR6 - Size: 0x3EF00000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:03:59.0812 1756 \Device\Harddisk0\DR0:
20:03:59.0812 1756 MBR used
20:03:59.0812 1756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2541A2B0
20:03:59.0812 1756 \Device\Harddisk1\DR6:
20:03:59.0812 1756 MBR used
20:03:59.0812 1756 \Device\Harddisk1\DR6\Partition0: MBR, Type 0x6, StartLBA 0x1E0, BlocksNum 0x1F7620
20:03:59.0843 1756 Initialize success
20:03:59.0843 1756 ============================================================
20:04:29.0640 1788 ============================================================
20:04:29.0640 1788 Scan started
20:04:29.0640 1788 Mode: Manual;
20:04:29.0640 1788 ============================================================
20:04:31.0000 1788 Abiosdsk - ok
20:04:31.0234 1788 abp480n5 
(6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS20:04:31.0234 1788 abp480n5 - ok20:04:31.0484 1788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys20:04:31.0531 1788 ACPI - ok20:04:31.0734 1788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys20:04:31.0734 1788 ACPIEC - ok20:04:32.0031 1788 ADIHdAudAddService (803c7d4767132f2407431103055c9000) C:\WINDOWS\system32\drivers\ADIHdAud.sys20:04:32.0109 1788 ADIHdAudAddService - ok20:04:32.0312 1788 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys20:04:32.0343 1788 adpu160m - ok20:04:32.0546 1788 AdvancedSystemCareService5 (e410da575ff48d976b41670c6d262a82) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe20:04:32.0656 1788 AdvancedSystemCareService5 - ok20:04:32.0906 1788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys20:04:32.0937 1788 aec - ok20:04:33.0187 1788 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys20:04:33.0234 1788 AFD - ok20:04:33.0453 1788 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys20:04:33.0484 1788 agp440 - ok20:04:33.0671 1788 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys20:04:33.0687 1788 agpCPQ - ok20:04:33.0875 1788 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys20:04:33.0875 1788 Aha154x - ok20:04:34.0062 1788 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys20:04:34.0078 1788 aic78u2 - ok20:04:34.0265 1788 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys20:04:34.0281 1788 aic78xx - ok20:04:34.0468 1788 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll20:04:34.0468 1788 Alerter - ok20:04:34.0656 1788 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe20:04:34.0671 1788 ALG - ok20:04:34.0859 1788 AliIde 
(1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys20:04:34.0859 1788 AliIde - ok20:04:35.0046 1788 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys20:04:35.0062 1788 alim1541 - ok20:04:35.0250 1788 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys20:04:35.0250 1788 amdagp - ok20:04:35.0453 1788 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys20:04:35.0453 1788 amsint - ok20:04:35.0546 1788 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe20:04:35.0562 1788 Apple Mobile Device - ok20:04:35.0812 1788 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll20:04:35.0859 1788 AppMgmt - ok20:04:36.0078 1788 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys20:04:36.0093 1788 asc - ok20:04:36.0312 1788 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys20:04:36.0312 1788 asc3350p - ok20:04:36.0500 1788 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys20:04:36.0515 1788 asc3550 - ok20:04:36.0656 1788 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe20:04:36.0734 1788 aspnet_state - ok20:04:36.0937 1788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys20:04:36.0953 1788 AsyncMac - ok20:04:37.0171 1788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys20:04:37.0171 1788 atapi - ok20:04:37.0343 1788 Atdisk - ok20:04:37.0562 1788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys20:04:37.0562 1788 Atmarpc - ok20:04:37.0781 1788 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll20:04:37.0796 1788 AudioSrv - ok20:04:37.0968 1788 audstub (d9f724aa26c010a217c97606b160ed68) 
C:\WINDOWS\system32\DRIVERS\audstub.sys20:04:37.0984 1788 audstub - ok20:04:38.0093 1788 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe20:04:38.0125 1788 BcmSqlStartupSvc - ok20:04:38.0328 1788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys20:04:38.0328 1788 Beep - ok20:04:38.0531 1788 bhyylicz - ok20:04:38.0828 1788 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll20:04:38.0984 1788 BITS - ok20:04:39.0140 1788 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe20:04:39.0218 1788 Bonjour Service - ok20:04:39.0468 1788 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll20:04:39.0484 1788 Browser - ok20:04:40.0062 1788 CarboniteService (9bbed669da150776fef3343f48f92fb0) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe20:04:40.0531 1788 CarboniteService - ok20:04:40.0765 1788 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys20:04:40.0781 1788 cbidf - ok20:04:40.0968 1788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys20:04:40.0968 1788 cbidf2k - ok20:04:41.0171 1788 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys20:04:41.0187 1788 CCDECODE - ok20:04:41.0359 1788 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys20:04:41.0359 1788 cd20xrnt - ok20:04:41.0578 1788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys20:04:41.0578 1788 Cdaudio - ok20:04:41.0781 1788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys20:04:41.0796 1788 Cdfs - ok20:04:42.0000 1788 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys20:04:42.0015 1788 Cdrom - ok20:04:42.0187 1788 Changer - ok20:04:42.0390 1788 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) 
C:\WINDOWS\system32\cisvc.exe20:04:42.0390 1788 CiSvc - ok20:04:42.0578 1788 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe20:04:42.0593 1788 ClipSrv - ok20:04:42.0718 1788 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe20:04:42.0796 1788 clr_optimization_v2.0.50727_32 - ok20:04:43.0031 1788 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys20:04:43.0031 1788 CmdIde - ok20:04:43.0187 1788 COMSysApp - ok20:04:43.0406 1788 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys20:04:43.0406 1788 Cpqarray - ok20:04:43.0656 1788 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll20:04:43.0656 1788 CryptSvc - ok20:04:43.0890 1788 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys20:04:43.0937 1788 dac2w2k - ok20:04:44.0109 1788 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys20:04:44.0125 1788 dac960nt - ok20:04:44.0406 1788 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll20:04:44.0484 1788 DcomLaunch - ok20:04:44.0703 1788 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll20:04:44.0734 1788 Dhcp - ok20:04:44.0937 1788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys20:04:44.0953 1788 Disk - ok20:04:45.0140 1788 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS20:04:45.0156 1788 DLABMFSM - ok20:04:45.0328 1788 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS20:04:45.0343 1788 DLABOIOM - ok20:04:45.0515 1788 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS20:04:45.0515 1788 DLACDBHM - ok20:04:45.0687 1788 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS20:04:45.0703 1788 DLADResM - ok20:04:45.0906 1788 
DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS20:04:45.0921 1788 DLAIFS_M - ok20:04:46.0093 1788 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS20:04:46.0109 1788 DLAOPIOM - ok20:04:46.0281 1788 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS20:04:46.0281 1788 DLAPoolM - ok20:04:46.0500 1788 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS20:04:46.0500 1788 DLARTL_M - ok20:04:46.0734 1788 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS20:04:46.0750 1788 DLAUDFAM - ok20:04:46.0953 1788 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS20:04:46.0968 1788 DLAUDF_M - ok20:04:47.0125 1788 dmadmin - ok20:04:47.0531 1788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys20:04:47.0718 1788 dmboot - ok20:04:47.0953 1788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys20:04:48.0000 1788 dmio - ok20:04:48.0171 1788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys20:04:48.0171 1788 dmload - ok20:04:48.0375 1788 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll20:04:48.0375 1788 dmserver - ok20:04:48.0609 1788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys20:04:48.0625 1788 DMusic - ok20:04:48.0843 1788 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll20:04:48.0843 1788 Dnscache - ok20:04:49.0062 1788 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll20:04:49.0093 1788 Dot3svc - ok20:04:49.0296 1788 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys20:04:49.0312 1788 dpti2o - ok20:04:49.0500 1788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys20:04:49.0500 1788 drmkaud - ok20:04:49.0734 1788 DRVMCDB 
(5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS20:04:49.0765 1788 DRVMCDB - ok20:04:49.0968 1788 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS20:04:49.0968 1788 DRVNDDM - ok20:04:50.0140 1788 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll20:04:50.0156 1788 EapHost - ok20:04:50.0343 1788 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll20:04:50.0343 1788 ERSvc - ok20:04:50.0578 1788 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe20:04:50.0578 1788 Eventlog - ok20:04:50.0843 1788 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll20:04:50.0906 1788 EventSystem - ok20:04:51.0140 1788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys20:04:51.0171 1788 Fastfat - ok20:04:51.0390 1788 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll20:04:51.0437 1788 FastUserSwitchingCompatibility - ok20:04:51.0703 1788 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe20:04:51.0765 1788 Fax - ok20:04:51.0968 1788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys20:04:51.0968 1788 Fdc - ok20:04:52.0156 1788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys20:04:52.0171 1788 Fips - ok20:04:52.0406 1788 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe20:04:52.0562 1788 FLEXnet Licensing Service - ok20:04:52.0765 1788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys20:04:52.0765 1788 Flpydisk - ok20:04:52.0984 1788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys20:04:53.0015 1788 FltMgr - ok20:04:53.0125 1788 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) 
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe20:04:53.0140 1788 FontCache3.0.0.0 - ok20:04:53.0312 1788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys20:04:53.0312 1788 Fs_Rec - ok20:04:53.0546 1788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys20:04:53.0578 1788 Ftdisk - ok20:04:53.0781 1788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys20:04:53.0781 1788 GEARAspiWDM - ok20:04:53.0968 1788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys20:04:53.0984 1788 Gpc - ok20:04:54.0109 1788 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe20:04:54.0140 1788 gupdate - ok20:04:54.0187 1788 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe20:04:54.0187 1788 gupdatem - ok20:04:54.0281 1788 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe20:04:54.0312 1788 gusvc - ok20:04:54.0609 1788 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys20:04:54.0609 1788 HDAudBus - ok20:04:54.0765 1788 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll20:04:54.0781 1788 helpsvc - ok20:04:54.0968 1788 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll20:04:54.0968 1788 HidServ - ok20:04:55.0156 1788 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys20:04:55.0156 1788 hidusb - ok20:04:55.0343 1788 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll20:04:55.0375 1788 hkmsvc - ok20:04:55.0578 1788 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys20:04:55.0593 1788 hpn - ok20:04:55.0843 1788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys20:04:55.0906 1788 HTTP - ok20:04:56.0093 1788 HTTPFilter 
(6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll20:04:56.0093 1788 HTTPFilter - ok20:04:56.0312 1788 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys20:04:56.0312 1788 i2omgmt - ok20:04:56.0500 1788 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys20:04:56.0500 1788 i2omp - ok20:04:58.0140 1788 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys20:04:59.0609 1788 ialm - ok20:04:59.0937 1788 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe20:05:00.0156 1788 idsvc - ok20:05:00.0390 1788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys20:05:00.0390 1788 Imapi - ok20:05:00.0609 1788 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe20:05:00.0640 1788 ImapiService - ok20:05:00.0906 1788 IMFservice (491fb9e6c0bd1383884d64ea5b886ad8) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe20:05:00.0921 1788 IMFservice - ok20:05:01.0140 1788 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys20:05:01.0140 1788 ini910u - ok20:05:01.0359 1788 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys20:05:01.0359 1788 IntelIde - ok20:05:01.0562 1788 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys20:05:01.0578 1788 intelppm - ok20:05:01.0765 1788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys20:05:01.0781 1788 Ip6Fw - ok20:05:01.0953 1788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys20:05:01.0968 1788 IpFilterDriver - ok20:05:02.0140 1788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys20:05:02.0140 1788 IpInIp - ok20:05:02.0375 1788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys20:05:02.0406 1788 IpNat - 
ok20:05:02.0671 1788 iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe20:05:02.0875 1788 iPod Service - ok20:05:03.0078 1788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys20:05:03.0109 1788 IPSec - ok20:05:03.0312 1788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys20:05:03.0312 1788 IRENUM - ok20:05:03.0515 1788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys20:05:03.0531 1788 isapnp - ok20:05:03.0625 1788 JavaQuickStarterService (44ffba62f0f426b581759c49aafec2e2) C:\Program Files\Java\jre6\bin\jqs.exe20:05:03.0671 1788 JavaQuickStarterService - ok20:05:03.0890 1788 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys20:05:03.0937 1788 k57w2k - ok20:05:04.0171 1788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys20:05:04.0171 1788 Kbdclass - ok20:05:04.0406 1788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys20:05:04.0421 1788 kbdhid - ok20:05:04.0718 1788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys20:05:04.0750 1788 kmixer - ok20:05:04.0984 1788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys20:05:05.0000 1788 KSecDD - ok20:05:05.0218 1788 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll20:05:05.0250 1788 LanmanServer - ok20:05:05.0468 1788 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll20:05:05.0500 1788 lanmanworkstation - ok20:05:05.0671 1788 lbrtfdc - ok20:05:05.0890 1788 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll20:05:05.0890 1788 LmHosts - ok20:05:05.0984 1788 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys20:05:06.0000 1788 LMIInfo - ok20:05:06.0078 1788 LMIMaint (500f1e4461075d602ce77109a9a3d634) C:\Program 
Files\LogMeIn\x86\RaMaint.exe20:05:06.0109 1788 LMIMaint - ok20:05:06.0281 1788 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys20:05:06.0296 1788 lmimirr - ok20:05:06.0468 1788 LMIRfsClientNP - ok20:05:06.0671 1788 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys20:05:06.0687 1788 LMIRfsDriver - ok20:05:06.0750 1788 LogMeIn (9015122d04c195bdab88febcbae229db) C:\Program Files\LogMeIn\x86\LogMeIn.exe20:05:06.0765 1788 LogMeIn - ok20:05:06.0968 1788 LVPr2Mon (f4d5180e84bca0b7caa68a39ca770cb7) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys20:05:06.0968 1788 LVPr2Mon - ok20:05:07.0093 1788 LVPrcSrv (6c6362c5febcebbb76c991899b5223a7) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe20:05:07.0125 1788 LVPrcSrv - ok20:05:07.0390 1788 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys20:05:07.0390 1788 MBAMProtector - ok20:05:07.0640 1788 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe20:05:07.0796 1788 MBAMService - ok20:05:08.0015 1788 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll20:05:08.0015 1788 Messenger - ok20:05:08.0140 1788 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe20:05:08.0156 1788 Microsoft Office Groove Audit Service - ok20:05:08.0406 1788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys20:05:08.0406 1788 mnmdd - ok20:05:08.0625 1788 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe20:05:08.0640 1788 mnmsrvc - ok20:05:08.0843 1788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys20:05:08.0843 1788 Modem - ok20:05:09.0062 1788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys20:05:09.0078 1788 Mouclass - ok20:05:09.0250 1788 mouhid 
(b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys20:05:09.0250 1788 mouhid - ok20:05:09.0484 1788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys20:05:09.0500 1788 MountMgr - ok20:05:09.0671 1788 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys20:05:09.0687 1788 mraid35x - ok20:05:09.0937 1788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys20:05:09.0968 1788 MRxDAV - ok20:05:10.0265 1788 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys20:05:10.0375 1788 MRxSmb - ok20:05:10.0578 1788 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe20:05:10.0578 1788 MSDTC - ok20:05:10.0765 1788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys20:05:10.0765 1788 Msfs - ok20:05:10.0921 1788 MSIServer - ok20:05:11.0125 1788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys20:05:11.0140 1788 MSKSSRV - ok20:05:11.0312 1788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys20:05:11.0312 1788 MSPCLOCK - ok20:05:11.0500 1788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys20:05:11.0500 1788 MSPQM - ok20:05:11.0734 1788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys20:05:11.0734 1788 mssmbios - ok20:05:11.0828 1788 MSSQL$MSSMLBIZ - ok20:05:11.0890 1788 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe20:05:11.0921 1788 MSSQLServerADHelper - ok20:05:12.0125 1788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys20:05:12.0125 1788 MSTEE - ok20:05:12.0343 1788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys20:05:12.0375 1788 Mup - ok20:05:12.0578 1788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) 
C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys20:05:12.0593 1788 NABTSFEC - ok20:05:12.0843 1788 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll20:05:12.0921 1788 napagent - ok20:05:13.0140 1788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys20:05:13.0187 1788 NDIS - ok20:05:13.0359 1788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys20:05:13.0375 1788 NdisIP - ok20:05:13.0593 1788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys20:05:13.0593 1788 NdisTapi - ok20:05:13.0765 1788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys20:05:13.0781 1788 Ndisuio - ok20:05:13.0968 1788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys20:05:14.0000 1788 NdisWan - ok20:05:14.0218 1788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys20:05:14.0234 1788 NDProxy - ok20:05:14.0406 1788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys20:05:14.0421 1788 NetBIOS - ok20:05:14.0656 1788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys20:05:14.0703 1788 NetBT - ok20:05:14.0921 1788 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe20:05:14.0953 1788 NetDDE - ok20:05:14.0984 1788 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe20:05:14.0984 1788 NetDDEdsdm - ok20:05:15.0171 1788 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe20:05:15.0171 1788 Netlogon - ok20:05:15.0406 1788 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll20:05:15.0453 1788 Netman - ok20:05:15.0609 1788 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe20:05:15.0640 1788 NetTcpPortSharing - ok20:05:15.0875 1788 Nla (943337d786a56729263071623bbb9de5) 
C:\WINDOWS\System32\mswsock.dll20:05:15.0921 1788 Nla - ok20:05:16.0140 1788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys20:05:16.0156 1788 Npfs - ok20:05:16.0468 1788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys20:05:16.0625 1788 Ntfs - ok20:05:16.0828 1788 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe20:05:16.0843 1788 NtLmSsp - ok20:05:17.0187 1788 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll20:05:17.0296 1788 NtmsSvc - ok20:05:17.0500 1788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys20:05:17.0500 1788 Null - ok20:05:17.0703 1788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys20:05:17.0718 1788 NwlnkFlt - ok20:05:17.0921 1788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys20:05:17.0921 1788 NwlnkFwd - ok20:05:18.0140 1788 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE20:05:18.0250 1788 odserv - ok20:05:18.0328 1788 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE20:05:18.0375 1788 ose - ok20:05:18.0609 1788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys20:05:18.0640 1788 Parport - ok20:05:18.0828 1788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys20:05:18.0843 1788 PartMgr - ok20:05:19.0015 1788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys20:05:19.0015 1788 ParVdm - ok20:05:19.0218 1788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys20:05:19.0234 1788 PCI - ok20:05:19.0406 1788 PCIDump - ok20:05:19.0593 1788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys20:05:19.0593 1788 PCIIde - ok20:05:19.0812 1788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) 
C:\WINDOWS\system32\drivers\Pcmcia.sys20:05:19.0843 1788 Pcmcia - ok20:05:20.0015 1788 PDCOMP - ok20:05:20.0203 1788 PDFRAME - ok20:05:20.0375 1788 PDRELI - ok20:05:20.0546 1788 PDRFRAME - ok20:05:20.0734 1788 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys20:05:20.0734 1788 perc2 - ok20:05:20.0921 1788 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys20:05:20.0921 1788 perc2hib - ok20:05:21.0187 1788 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE20:05:21.0250 1788 PEVSystemStart - ok20:05:22.0140 1788 PID_PEPI (bd8c6c254835ea14ec0242f76009cbc4) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS20:05:22.0859 1788 PID_PEPI - ok20:05:23.0093 1788 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe20:05:23.0093 1788 PlugPlay - ok20:05:23.0265 1788 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe20:05:23.0281 1788 PolicyAgent - ok20:05:23.0500 1788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys20:05:23.0515 1788 PptpMiniport - ok20:05:23.0703 1788 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe20:05:23.0703 1788 ProtectedStorage - ok20:05:23.0890 1788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys20:05:23.0906 1788 PSched - ok20:05:24.0078 1788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys20:05:24.0093 1788 Ptilink - ok20:05:24.0296 1788 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys20:05:24.0312 1788 PxHelp20 - ok20:05:24.0546 1788 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys20:05:24.0546 1788 ql1080 - ok20:05:24.0734 1788 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys20:05:24.0734 1788 Ql10wnt - ok20:05:24.0921 1788 ql12160 (156ed0ef20c15114ca097a34a30d8a01) 
C:\WINDOWS\system32\DRIVERS\ql12160.sys20:05:24.0937 1788 ql12160 - ok20:05:25.0125 1788 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys20:05:25.0140 1788 ql1240 - ok20:05:25.0328 1788 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys20:05:25.0343 1788 ql1280 - ok20:05:25.0531 1788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys20:05:25.0531 1788 RasAcd - ok20:05:25.0750 1788 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll20:05:25.0765 1788 RasAuto - ok20:05:25.0984 1788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys20:05:26.0000 1788 Rasl2tp - ok20:05:26.0203 1788 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll20:05:26.0250 1788 RasMan - ok20:05:26.0437 1788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys20:05:26.0437 1788 RasPppoe - ok20:05:26.0625 1788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys20:05:26.0625 1788 Raspti - ok20:05:26.0843 1788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys20:05:26.0875 1788 Rdbss - ok20:05:27.0046 1788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys20:05:27.0062 1788 RDPCDD - ok20:05:27.0296 1788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys20:05:27.0343 1788 rdpdr - ok20:05:27.0593 1788 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys20:05:27.0625 1788 RDPWD - ok20:05:27.0843 1788 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe20:05:27.0875 1788 RDSessMgr - ok20:05:28.0078 1788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys20:05:28.0093 1788 redbook - ok20:05:28.0281 1788 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll20:05:28.0296 1788 RemoteAccess - 
ok20:05:28.0500 1788 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll20:05:28.0515 1788 RemoteRegistry - ok20:05:28.0734 1788 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe20:05:28.0750 1788 RpcLocator - ok20:05:29.0031 1788 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll20:05:29.0031 1788 RpcSs - ok20:05:29.0234 1788 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys20:05:29.0234 1788 RRNetCap - ok20:05:29.0250 1788 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys20:05:29.0250 1788 RRNetCapMP - ok20:05:29.0453 1788 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe20:05:29.0500 1788 RSVP - ok20:05:29.0671 1788 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe20:05:29.0671 1788 SamSs - ok20:05:29.0906 1788 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe20:05:29.0937 1788 SCardSvr - ok20:05:30.0234 1788 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll20:05:30.0296 1788 Schedule - ok20:05:30.0546 1788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys20:05:30.0546 1788 Secdrv - ok20:05:30.0781 1788 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll20:05:30.0781 1788 seclogon - ok20:05:31.0000 1788 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll20:05:31.0015 1788 SENS - ok20:05:31.0187 1788 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys20:05:31.0203 1788 Serenum - ok20:05:31.0421 1788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys20:05:31.0437 1788 Serial - ok20:05:31.0656 1788 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys20:05:31.0671 1788 SFAUDIO - ok20:05:31.0875 1788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) 
C:\WINDOWS\system32\drivers\Sfloppy.sys
20:05:31.0875 1788 Sfloppy - ok
20:05:32.0156 1788 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:05:32.0250 1788 SharedAccess - ok
20:05:32.0468 1788 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:05:32.0468 1788 ShellHWDetection - ok
20:05:32.0625 1788 Simbad - ok
20:05:32.0843 1788 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:05:32.0843 1788 sisagp - ok
20:05:33.0046 1788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:05:33.0062 1788 SLIP - ok
20:05:33.0250 1788 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
20:05:33.0250 1788 SmartDefragDriver - ok
20:05:33.0453 1788 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:05:33.0468 1788 Sparrow - ok
20:05:33.0671 1788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:05:33.0687 1788 splitter - ok
20:05:33.0890 1788 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:05:33.0906 1788 Spooler - ok
20:05:34.0031 1788 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:05:34.0093 1788 SQLBrowser - ok
20:05:34.0156 1788 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:05:34.0171 1788 SQLWriter - ok
20:05:34.0421 1788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:05:34.0437 1788 sr - ok
20:05:34.0687 1788 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:05:34.0734 1788 srservice - ok
20:05:35.0000 1788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:05:35.0093 1788 Srv - ok
20:05:35.0328 1788 sscebus (29ae754f4e9dcc08dcfd4aef07375d52) C:\WINDOWS\system32\DRIVERS\sscebus.sys
20:05:35.0343 1788 sscebus - ok
20:05:35.0546 1788 sscemdfl (48de57f9c5a7f39ec3ea5cfbf163b811) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
20:05:35.0546 1788 sscemdfl - ok
20:05:35.0750 1788 sscemdm (600d634c721e57e4b89d3dfdd381cdb7) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
20:05:35.0781 1788 sscemdm - ok
20:05:35.0968 1788 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:05:36.0000 1788 SSDPSRV - ok
20:05:36.0250 1788 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:05:36.0328 1788 stisvc - ok
20:05:36.0500 1788 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
20:05:36.0515 1788 stllssvr - ok
20:05:36.0734 1788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:05:36.0734 1788 streamip - ok
20:05:36.0953 1788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:05:36.0953 1788 swenum - ok
20:05:37.0171 1788 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:05:37.0296 1788 SwitchBoard - ok
20:05:37.0546 1788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:05:37.0562 1788 swmidi - ok
20:05:37.0718 1788 SwPrv - ok
20:05:37.0921 1788 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:05:37.0921 1788 symc810 - ok
20:05:38.0140 1788 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:05:38.0140 1788 symc8xx - ok
20:05:38.0328 1788 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:05:38.0328 1788 sym_hi - ok
20:05:38.0531 1788 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:05:38.0531 1788 sym_u3 - ok
20:05:38.0765 1788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:05:38.0781 1788 sysaudio - ok
20:05:39.0000 1788 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:05:39.0015 1788 SysmonLog - ok
20:05:39.0265 1788 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:05:39.0312 1788 TapiSrv - ok
20:05:39.0515 1788 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
20:05:39.0531 1788 tbhsd - ok
20:05:39.0812 1788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:05:39.0906 1788 Tcpip - ok
20:05:40.0109 1788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:05:40.0125 1788 TDPIPE - ok
20:05:40.0312 1788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:05:40.0312 1788 TDTCP - ok
20:05:40.0531 1788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:05:40.0531 1788 TermDD - ok
20:05:40.0812 1788 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:05:40.0890 1788 TermService - ok
20:05:41.0109 1788 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:05:41.0109 1788 Themes - ok
20:05:41.0296 1788 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:05:41.0312 1788 TlntSvr - ok
20:05:41.0484 1788 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:05:41.0484 1788 TosIde - ok
20:05:41.0703 1788 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:05:41.0718 1788 TrkWks - ok
20:05:41.0921 1788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:05:41.0937 1788 Udfs - ok
20:05:42.0062 1788 UleadBurningHelper (810883e6225c0037f2553d964fc866e3) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:05:42.0093 1788 UleadBurningHelper - ok
20:05:42.0281 1788 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:05:42.0296 1788 ultra - ok
20:05:42.0671 1788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:05:42.0812 1788 Update - ok
20:05:43.0078 1788 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:05:43.0125 1788 upnphost - ok
20:05:43.0312 1788 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:05:43.0312 1788 UPS - ok
20:05:43.0531 1788 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:05:43.0546 1788 USBAAPL - ok
20:05:43.0765 1788 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:05:43.0781 1788 usbaudio - ok
20:05:43.0984 1788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:05:43.0984 1788 usbccgp - ok
20:05:44.0203 1788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:05:44.0203 1788 usbehci - ok
20:05:44.0437 1788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:05:44.0453 1788 usbhub - ok
20:05:44.0671 1788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:05:44.0671 1788 usbscan - ok
20:05:44.0890 1788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:05:44.0890 1788 USBSTOR - ok
20:05:45.0078 1788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:05:45.0078 1788 usbuhci - ok
20:05:45.0328 1788 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:05:45.0359 1788 usbvideo - ok
20:05:45.0578 1788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:05:45.0578 1788 VgaSave - ok
20:05:45.0781 1788 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:05:45.0796 1788 viaagp - ok
20:05:45.0984 1788 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:05:45.0984 1788 ViaIde - ok
20:05:46.0171 1788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:05:46.0187 1788 VolSnap - ok
20:05:46.0437 1788 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:05:46.0515 1788 VSS - ok
20:05:46.0734 1788 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:05:46.0781 1788 w32time - ok
20:05:46.0984 1788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:05:47.0000 1788 Wanarp - ok
20:05:47.0156 1788 WDICA - ok
20:05:47.0421 1788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:05:47.0437 1788 wdmaud - ok
20:05:47.0625 1788 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:05:47.0640 1788 WebClient - ok
20:05:47.0921 1788 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:05:47.0953 1788 winmgmt - ok
20:05:48.0406 1788 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
20:05:48.0718 1788 WinRM - ok
20:05:48.0953 1788 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
20:05:48.0968 1788 WmdmPmSN - ok
20:05:49.0296 1788 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:05:49.0437 1788 Wmi - ok
20:05:49.0656 1788 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:05:49.0687 1788 WmiApSrv - ok
20:05:49.0921 1788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:05:49.0937 1788 WS2IFSL - ok
20:05:50.0171 1788 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:05:50.0187 1788 wscsvc - ok
20:05:50.0343 1788 WSearch - ok
20:05:50.0546 1788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:05:50.0562 1788 WSTCODEC - ok
20:05:50.0750 1788 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:05:50.0750 1788 wuauserv - ok
20:05:51.0046 1788 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:05:51.0171 1788 WZCSVC - ok
20:05:51.0375 1788 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:05:51.0421 1788 xmlprov - ok
20:05:51.0468 1788 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:05:51.0500 1788 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:05:51.0500 1788 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:05:51.0515 1788 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR6
20:05:51.0515 1788 \Device\Harddisk1\DR6 - ok
20:05:51.0562 1788 Boot (0x1200) (7019eb4ed7475397299dcfc0ef612fee) \Device\Harddisk0\DR0\Partition0
20:05:51.0562 1788 \Device\Harddisk0\DR0\Partition0 - ok
20:05:51.0578 1788 Boot (0x1200) (ea94d10371f902e50906ebd662495cb5) \Device\Harddisk1\DR6\Partition0
20:05:51.0578 1788 \Device\Harddisk1\DR6\Partition0 - ok
20:05:51.0593 1788 ============================================================
20:05:51.0593 1788 Scan finished
20:05:51.0593 1788 ============================================================
20:05:51.0609 1780 Detected object count: 1
20:05:51.0609 1780 Actual detected object count: 1
20:06:35.0796 1780 \Device\Harddisk0\DR0\# - copied to quarantine
20:06:35.0796 1780 \Device\Harddisk0\DR0 - copied to quarantine
20:06:35.0875 1780 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:06:35.0875 1780 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
20:06:35.0875 1780 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:06:35.0890 1780 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
20:06:35.0906 1780 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
20:06:35.0906 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:06:35.0906 1780 \Device\Harddisk0\DR0 - ok
20:06:36.0171 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:06:52.0390 1752 Deinitialize success
Larusso Posted March 31, 2012 ID:538577

I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

"You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer."

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications
====================================================
Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Fcvolunteer Posted April 1, 2012 (Author) ID:538837

Hi Daniel,

Thanks for your concern. I actually did run ComboFix at the request of a helper, it just wasn't a helper from Malwarebytes. As I mentioned earlier, I contacted our computer person at work who told me to use ComboFix.

Just so you should know (I don't know if it's important or not), I ran ComboFix now and after completing stage 5 the screen went blue and I got a really long error message saying:

A problem has been detected and Windows has been shut down to prevent damage to your computer.
Plug and Play detected an error most likely caused by a faulty driver.
If this is the first time you've seen the stop error screen, restart your computer. If this screen appears again follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation ask your hardware or software manufacturer for any Windows updates you might need.
If problems continue disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options and then select safe mode.
Technical Information:
*** STOP: 0x000000CA (0x00000004, 0x898DEC98, 0x00000000, 0x00000000)

ComboFix 12-03-31.03 - Rochel 03/31/2012 22:13:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3061.2139 [GMT -4:00]
Running from: c:\documents and settings\Rochel\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Rochel\System
c:\documents and settings\Rochel\System\win_qs8.jqx
c:\program files\ARO2011_tbt.exe
c:\program files\avg_free_stf_en_85_285a1462.exe
c:\program files\somototoolbar\vmNTemplatex.dll
C:\setup.exe
c:\windows\EventSystem.log
c:\windows\Fonts\OptimaBold.ttf
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\klgd.bmp
c:\windows\system32\lpe.txt
c:\windows\system32\xef.txt
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\XSxS
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-03-30 02:06 . 2012-03-30 02:06 -------- d-----w- c:\program files\Windows Media Connect 2
2012-03-30 02:04 . 2012-03-30 02:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-03-30 02:04 . 2012-03-30 02:04 -------- d-----w- c:\windows\system32\LogFiles
2012-03-30 00:56 . 2012-03-30 00:46 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-03-30 00:56 . 2012-03-30 00:46 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-03-30 00:56 . 2012-03-30 00:46 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-03-30 00:56 .
2012-03-30 00:46 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 00:46 . 2012-03-30 00:59 -------- d-----w- c:\program files\Trend Micro
2012-03-30 00:06 . 2012-03-30 00:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 03:44 . 2012-03-29 03:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-03-29 03:31 . 2012-03-29 03:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-29 02:35 . 2012-03-29 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-27 23:42 . 2012-03-27 23:42 -------- d-----w- C:\temp
2012-03-27 20:10 . 2012-03-30 00:55 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-03-27 20:09 . 2012-03-30 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2012-03-21 22:42 . 2012-03-21 22:42 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-21 22:42 . 2012-03-21 22:42 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-06 23:42 . 2011-08-19 03:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 04:40 . 2012-02-02 04:40 538200 ----a-w- c:\program files\smartdraw_11E_QDO56_setup.exe
2012-01-31 21:57 . 2012-01-31 21:53 32853760 ----a-w- c:\program files\spoon-plugin-dotnet.exe
2012-01-22 18:42 . 2010-07-26 19:31 30218224 ----a-w- c:\program files\asc-setup.exe
2012-01-11 19:06 . 2012-02-16 05:30 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-02 00:51 . 2012-01-02 00:47 15292208 ----a-w- c:\program files\Firefox Setup 9.0.1.exe
2011-12-12 04:22 . 2011-12-12 04:14 64207032 ----a-w- c:\program files\setup_av_free_cnet.exe
2011-12-08 20:55 . 2011-12-08 20:55 108 ----a-w- c:\program files\hirtcamp.com
2011-08-19 15:16 . 2011-08-19 03:14 3089056 ----a-w- c:\program files\install_flash_player.exe
2011-07-24 16:14 . 2011-07-24 16:05 65981368 ----a-w- c:\program files\AVSVideoConverter.exe
2011-07-24 15:17 . 2011-07-24 15:17 6062368 ----a-w- c:\program files\video-download-toolbar-setup.exe
2011-07-24 15:08 . 2011-07-24 15:08 858940 ----a-w- c:\program files\toolbar_setup411.exe
2011-07-24 15:02 . 2011-07-24 15:02 5153792 ----a-w- c:\program files\YouTubeDownloaderSetup32.exe
2011-07-24 14:40 . 2011-07-24 14:40 8532623 ----a-w- c:\program files\gfsetup.exe
2011-07-17 19:08 . 2011-07-17 19:07 14276088 ----a-w- c:\program files\picasa38-setup.exe
2011-06-15 01:46 . 2011-06-15 01:45 4117040 ----a-w- c:\program files\CNET_TechTracker_2_0_3_59_a_Setup.exe
2011-05-29 21:55 . 2011-05-29 21:49 56923744 ----a-w- c:\program files\setup_av_free.exe
2011-05-25 23:03 . 2011-05-25 22:59 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe
2011-05-13 15:48 . 2011-05-13 15:43 2431520 ----a-w- c:\program files\AdobeDownloadAssistant.exe
2011-04-29 17:06 . 2011-04-29 17:05 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
2011-04-12 00:54 . 2011-04-12 00:47 51349520 ----a-w- c:\program files\avira_antivir_personal_en.exe
2011-04-06 17:58 . 2011-04-06 17:52 80298280 ----a-w- c:\program files\iTunesSetup.exe
2010-11-23 20:48 . 2010-11-23 20:47 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2010-11-14 04:02 . 2010-11-14 04:01 2443360 ----a-w- c:\program files\divine-setup.exe
2010-10-04 18:26 . 2010-10-04 18:26 947592 ----a-w- c:\program files\SkypeSetup.exe
2010-09-28 15:42 . 2010-09-28 15:41 225672 ----a-w- c:\program files\CrucialScan.exe
2010-09-27 00:53 . 2010-09-27 00:53 469504 ----a-w- c:\program files\ACTPrinterSetup.exe
2010-09-15 22:39 . 2010-09-15 22:38 7633259 ----a-w- c:\program files\fmcjsetup.exe
2010-09-15 22:31 . 2010-09-15 22:31 4585944 ----a-w- c:\program files\mp3-splitter-joiner.exe
2010-09-15 05:02 . 2009-10-22 02:49 2007072 ----a-w- c:\program files\mp3joiner_setup.exe
2010-07-21 02:42 . 2010-07-21 02:41 3087086 ----a-w- c:\program files\mp3cutterjoiner.exe
2010-07-21 02:38 . 2010-07-21 02:38 689560 ----a-w- c:\program files\iobituninstaller.exe
2010-07-19 21:59 . 2010-07-19 21:58 2411072 ----a-w- c:\program files\MP3Cutter.EXE
2010-07-19 20:52 . 2010-07-19 20:48 38084600 ----a-w- c:\program files\tunebite.exe
2010-06-24 18:32 . 2010-06-24 18:31 8587672 ----a-w- c:\program files\Firefox Setup 3.6.4.exe
2010-06-22 18:43 . 2010-06-22 18:40 32532792 ----a-w- c:\program files\SafariSetup.exe
2010-05-06 20:35 . 2010-05-06 20:35 562864 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe
2010-04-19 03:01 . 2010-04-19 03:01 562848 ----a-w- c:\program files\GoogleEarthSetup.exe
2010-04-19 02:08 . 2010-04-19 02:08 529800 ----a-w- c:\program files\smartdraw_10E_H3HE9_A_setup.exe
2010-04-16 21:47 . 2010-04-16 21:47 4071176 ----a-w- c:\program files\registrybooster.exe
2010-02-22 02:35 . 2010-02-22 02:16 82452960 ----a-w- c:\program files\a897_PCStudio.exe
2010-01-08 03:20 . 2010-01-08 03:19 11029387 ----a-w- c:\program files\aoaaudioextractor.exe
2009-12-02 18:38 . 2009-12-02 18:38 6599680 ----a-w- c:\program files\DingInstall-1.05.exe
2009-11-10 05:28 . 2009-11-10 05:28 72946 ----a-w- c:\program files\ears.com
2009-11-02 00:40 . 2009-11-02 00:39 21785928 ----a-w- c:\program files\cuteftppro.exe
2009-10-30 18:03 . 2009-10-30 18:03 1505049 ----a-w- c:\program files\Mp3nity_2.1_Setup.exe
2009-10-23 01:01 . 2009-10-23 01:01 7492592 ----a-w- c:\program files\CoffeeFreeFTPInstaller4.2.exe
2009-09-08 17:35 . 2009-09-08 17:34 4938616 ----a-w- c:\program files\Silverlight.exe
2009-07-28 04:05 . 2009-07-28 04:05 1876292 ----a-w- c:\program files\freeripmp3.exe
2009-07-28 03:51 . 2009-07-28 03:50 2693610 ----a-w- c:\program files\swmsetup.exe
2009-07-28 02:57 . 2009-07-28 02:55 12154344 ----a-w- c:\program files\SFTPMSI.exe
2009-07-23 15:26 . 2009-07-23 15:25 7858801 ----a-w- c:\program files\Freeware_PrimoPDF.exe
2009-07-21 20:00 . 2009-07-21 20:00 6537 ----a-w- c:\program files\jquery.tools.min.js
2009-07-17 16:37 . 2009-07-17 16:37 3654395 ----a-w- c:\program files\ybkfull.exe
2009-07-10 16:46 . 2009-07-10 16:46 1234120 ----a-w- c:\program files\wrar380.exe
2009-07-08 19:02 . 2009-07-08 19:01 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-04-30 23:14 . 2009-04-30 23:14 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-04-29 17:04 . 2009-04-29 17:04 2967800 ----a-w- c:\program files\mbam-setup.exe
2009-04-24 20:49 . 2009-04-24 20:49 1878888 ----a-w- c:\program files\Adobe Acrobat 9 Pro.lnk.exe
2009-04-24 20:33 . 2009-04-24 20:17 342437920 ----a-w- c:\program files\AcroPro90_efg.exe
2004-05-25 03:01 . 2010-07-26 03:59 1155635 ----a-w- c:\program files\EasyScreenCaptureVideo.exe
2012-03-21 22:42 . 2012-02-20 16:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logicool Vid"="c:\program files\Logicool\Logicool Vid\vid.exe" [2009-06-02 5451536]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"Akamai NetSession Interface"="c:\documents and settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-19 141848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-19 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-19 170520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 01:31 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rochel^Start Menu^Programs^Startup^ACTPrinter Win.exe.lnk]
path=c:\documents and settings\Rochel\Start Menu\Programs\Startup\ACTPrinter Win.exe.lnk
backup=c:\windows\pss\ACTPrinter Win.exe.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
c:\program files\AVAST Software\Avast\avastUI.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Rochel\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Logicool\\Logicool Vid\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1166:TCP"= 1166:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/16/2009 7:00 AM 24064]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/14/2011 9:55 PM 13496]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/29/2012 8:56 PM 68368]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [12/7/2011 12:02 PM 913752]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/29/2012 8:54 PM 200632]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/14/2011 9:54 PM 821080]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/16/2009 7:00 AM 176640]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]
S0 bhyylicz;bhyylicz; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2/21/2010 10:42 PM 90240]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2/21/2010 10:42 PM 14976]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2/21/2010 10:42 PM 121856]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROCHELHOMEPC-Rochel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-13 12:46]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005Core.job
- c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005UA.job
- c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17]
.
2012-04-01 c:\windows\Tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://chabadnc.org/
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8854823A-E915-ADFF-BA70-E2C1456C2F56} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper_3004.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-31 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Rochel\LOCALS~1\Temp\CSCA.tmp
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\
.
[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7776FADB-5620-C489-58F0-FC82D8C4EC96}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaimpbidhbgigknbpekkeoojlngnpl"=hex:64,61,69,6f,70,68,6a,6c,00,85
"oaephfdalammeeihecaafkgjcipaff"=hex:6b,61,69,6f,69,69,6a,6e,61,6b,6d,67,61,62, 68,70,67,6b,6a,6d,6e,69,00,7c
"naolndnkagbaagahpjndhoccnikc"=hex:69,61,62,6f,63,66,6f,61,6a,68,61,62,61,6f, 63,62,6b,6b,00,ff
.
[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDC4B717-3FBD-D5D9-78C3-A2D963B7FF7D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahnphlmgkkobkllacpchhnhnoacic"=hex:64,61,67,64,6d,6a,62,68,00,85
"oadpodbfgifogmlcgopoocoffpbkfc"=hex:6b,61,68,64,63,6a,6e,67,62,65,6a,6f,67,69, 68,63,67,66,63,69,69,69,00,00
"najobieokkghglombobpmhohjcpm"=hex:6a,61,67,64,6e,6a,65,68,6c,68,65,67,6d,69, 6a,68,64,67,67,66,00,0f
.
[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D17F1DB2-E15B-47E1-2D85-82110FD3EE91}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaogcakdeakhgofdkb"=hex:6a,61,70,62,6e,62,6b,70,6e,6c,6c,6e,62,65,6a,70,62,66, 6b,61,00,f2
"hamheoaoohmccjpl"=hex:6a,61,62,62,70,68,6f,6e,67,62,6f,70,66,6a,62,61,65,67, 68,61,00,f2
"ganhgdhgpjloed"=hex:61,63,6e,62,68,62,63,62,6d,65,61,66,6d,62,6b,63,64,6d,67, 6d,65,6e,6c,65,6d,64,69,6e,66,68,68,70,62,6b,69,68,70,6b,65,6c,66,65,66,6f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(5320)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\documents and settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
c:\program 
files\Southwest Airlines\Ding\Ding.exec:\windows\system32\igfxsrvc.exec:\documents and settings\Rochel\Application Data\Dropbox\bin\Dropbox.exec:\program files\MamaBargains\MamaBargains\MamaBargains.exec:\documents and settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\Spoon-Sandbox.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\SearchProtocolHost.exec:\documents and settings\Rochel\Local Settings\Application Data\Spoon\Client\Console\0.3.7.8\Spoon-Console.exec:\windows\system32\wscntfy.exec:\windows\system32\SearchFilterHost.exe.**************************************************************************.Completion time: 2012-03-31 22:31:39 - machine was rebootedComboFix-quarantined-files.txt 2012-04-01 02:31.Pre-Run: 240,775,045,120 bytes freePost-Run: 241,108,897,792 bytes free.- - End Of File - - 58D1895F0606E79453C8EF62193A8403 Link to post Share on other sites More sharing options...
Fcvolunteer (Author) Posted April 1, 2012 ID:538838

Oops, I meant to add that after I got that error message I removed my USB drive and restarted the computer and ran ComboFix again, and everything ran as it should have and produced the log I included in my last post.

Thanks

Larusso Posted April 1, 2012 ID:539012

Hi there.

Download OTL to your Desktop. Double click on the icon to run it. Under the box paste this in:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
i8042prt.sys
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Make sure all other windows are closed to let it run uninterrupted. Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

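The scan requested above produces a text log in which every process, module, service and driver is one line of the form `SRV - [timestamp | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)` (or `File not found` in place of the timestamp block), and Internet Explorer search providers appear as `IE - HKLM\..\SearchScopes,DefaultScope = {GUID}` plus one `"URL" =` line per GUID. Reading several hundred such lines by eye is how the helpers on this forum work; the script below is an added example (not part of OTL, and not code from any poster in this thread) of a first-pass triage that a practitioner can run offline. It flags three things that commonly sit behind "search results redirect" symptoms: a boot-start driver whose file is gone, an executable with an empty company field running out of the user profile, and a DefaultScope whose host is not a mainstream search engine. The sample lines are a constructed subset copied from the OTL log posted later in this thread, the trusted-host list is an assumption, and every hit is a lead rather than a verdict: some anti-rootkit tools also register randomly named temporary drivers, so the log alone cannot separate a remnant of a rootkit from a remnant of a cleaner.

```python
"""First-pass triage of an OTL log.  Added example for this thread, not part of OTL
or of any post here.  TRUSTED_SEARCH_HOSTS and PROFILE_MARKERS are assumptions."""
import re
from urllib.parse import urlsplit

# PRC/MOD/SRV/DRV entry, e.g.
#   SRV - [stamp] (Company) [Auto | Running] -- C:\path\svc.exe -- (ServiceName)
#   DRV - File not found [Kernel | Boot | Stopped] -- -- (bhyylicz)
# Company names can contain parentheses, hence the lazy match with a lookahead.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)(?= \[| -- ))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- ?(?P<path>.*?) ?(?:-- \((?P<name>[^)]*)\).*)?$"
)
SCOPE_DEFAULT_RE = re.compile(
    r"^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>\{[^}]+\})$")
SCOPE_URL_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>\S+)$')

# Assumption: hosts a stock IE default search scope is expected to point at.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.live.com", "search.yahoo.com"}
# Assumption: profile locations where an image with no company name deserves a look.
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Constructed sample: a subset of lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/04/01 19:47:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rochel\Desktop\OTL.exe
PRC - [2011/12/01 16:24:20 | 002,624,512 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/12/02 10:36:39 | 000,142,848 | ---- | M] () -- C:\Program Files\MamaBargains\MamaBargains\MamaBargains.exe
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- -- (bhyylicz)
DRV - [2012/03/29 20:46:34 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
IE - HKLM\..\SearchScopes,DefaultScope = {F8305D7D-CF69-465a-9003-813C6013A702}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:lyglkqaff6i&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {7D25A8ED-6A9F-4ADB-ACE0-F2F75D1F165B}
IE - HKCU\..\SearchScopes\{7D25A8ED-6A9F-4ADB-ACE0-F2F75D1F165B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
""".strip()


def parse_entry(line):
    """Return the fields of a PRC/MOD/SRV/DRV line as a dict, or None for other lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["flags"] = [f.strip() for f in (entry["flags"] or "").split("|") if f.strip()]
    return entry


def triage(lines):
    """Return a list of (category, subject, evidence) for suspicious lines, in log order."""
    findings, defaults, scope_urls = [], {}, {}
    for line in lines:
        entry = parse_entry(line)
        if entry:
            # Boot-start driver registered, file gone: rootkit remnant or cleaner remnant.
            if entry["missing"] and entry["kind"] == "DRV" and "Boot" in entry["flags"] and not entry["path"]:
                findings.append(("orphan-boot-driver", entry["name"], line))
            # Image with an empty company field running from inside the user profile.
            elif entry["company"] == "" and any(mk in entry["path"].lower() for mk in PROFILE_MARKERS):
                findings.append(("no-company-in-profile", entry["path"], line))
            continue
        m = SCOPE_DEFAULT_RE.match(line)
        if m:
            defaults[m["hive"]] = m["guid"]
            continue
        m = SCOPE_URL_RE.match(line)
        if m:
            scope_urls[(m["hive"], m["guid"])] = m["url"]
    # Resolve each hive's DefaultScope GUID to its URL and check where searches really go.
    for hive, guid in defaults.items():
        url = scope_urls.get((hive, guid))
        if url is None:
            continue
        host = urlsplit(url).hostname or ""
        if host not in TRUSTED_SEARCH_HOSTS:
            findings.append(("search-hijack", host, f"{hive} DefaultScope {guid} -> {url}"))
    return findings


def triage_text(text):
    """Convenience wrapper: triage a whole log held in one string."""
    return triage(text.splitlines())


if __name__ == "__main__":
    for category, subject, evidence in triage_text(SAMPLE_LOG):
        print(f"{category:22} {subject}\n    {evidence}")
```

On the sample above the script reports TechTracker.exe (no company name, running from Application Data), the boot-start driver bhyylicz (registered with no file), and the HKLM default search scope pointing at start.flashvideodownloader.org, which matches the redirect symptom described at the top of the thread; the Trend Micro driver, the Carbonite service with its nested parentheses, the on-demand WDICA ghost entry and the HKCU Google scope all pass. Because it only reads text, it runs on any machine, not the infected one.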
Fcvolunteer (Author) Posted April 2, 2012 ID:539108

OTL logfile created on: 4/1/2012 7:54:04 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rochel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 76.73% Memory free
4.83 Gb Paging File | 3.87 Gb Available in Paging File | 80.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 224.76 Gb Free Space | 75.41% Space Free | Partition Type: NTFS
Drive D: | 7.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROCHELHOMEPC | User Name: Rochel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 19:47:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rochel\Desktop\OTL.exe
PRC - [2012/03/29 20:46:27 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2012/03/29 20:46:27 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/02/27 09:44:06 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2012/02/27 09:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/27 16:06:16 | 002,324,872 | ---- | M] (Code Systems Corporation) -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\Spoon-Sandbox.exe
PRC - [2012/01/27 16:05:31 | 008,646,816 | ---- | M] (Code Systems Corporation) -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\Client\Console\0.3.7.8\Spoon-Console.exe
PRC - [2011/12/02 10:36:39 | 000,142,848 | ---- | M] () -- C:\Program Files\MamaBargains\MamaBargains\MamaBargains.exe
PRC - [2011/12/01 16:24:20 | 002,624,512 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/03/30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/10/01 21:31:48 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 21:31:39 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/06/02 08:59:46 | 005,451,536 | ---- | M] (Logicool Co., Ltd) -- C:\Program Files\Logicool\Logicool Vid\Vid.exe
PRC - [2009/04/30 16:01:10 | 000,150,040 | ---- | M] (Logicool Co., Ltd) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/06/09 11:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/06/22 15:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/29 20:46:48 | 000,174,624 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2012/03/29 20:46:32 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2012/03/29 20:46:29 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2012/03/29 20:46:27 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/03/29 20:46:27 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2012/03/29 20:46:27 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll
MOD - [2012/02/16 04:09:09 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/02/16 04:09:06 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/02/16 04:09:03 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/02/16 04:08:59 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/02/16 04:08:54 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/02/16 04:08:49 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2012/02/16 04:08:42 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/16 04:08:41 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2012/02/16 04:08:38 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/01/22 14:33:46 | 004,770,176 | ---- | M] () -- c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2011/12/02 10:36:39 | 000,142,848 | ---- | M] () -- C:\Program Files\MamaBargains\MamaBargains\MamaBargains.exe
MOD - [2011/12/01 16:24:20 | 002,624,512 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/10/01 21:31:39 | 001,063,248 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
MOD - [2009/06/02 09:00:22 | 000,138,000 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/02 09:00:22 | 000,035,088 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\plugins\imageformats\qico4.dll
MOD - [2009/06/02 09:00:20 | 000,028,944 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\plugins\imageformats\qgif4.dll
MOD - [2009/06/02 08:59:34 | 000,027,408 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\SDL.dll
MOD - [2009/06/02 08:59:24 | 000,363,792 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\qtxml4.dll
MOD - [2009/06/02 08:59:12 | 011,311,888 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtWebKit4.dll
MOD - [2009/06/02 08:59:00 | 000,199,952 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\qtsql4.dll
MOD - [2009/06/02 08:58:50 | 000,475,408 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtOpenGL4.dll
MOD - [2009/06/02 08:58:38 | 007,704,336 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtGui4.dll
MOD - [2009/06/02 08:58:38 | 000,968,976 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtNetwork4.dll
MOD - [2009/06/02 08:58:26 | 002,140,944 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtCore4.dll
MOD - [2009/06/02 08:58:16 | 000,291,600 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\phonon4.dll
MOD - [2008/07/19 16:02:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/23 16:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2009/10/01 21:31:48 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2009/04/30 16:01:10 | 000,150,040 | ---- | M] (Logicool Co., Ltd) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/24 16:48:25 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/06/09 11:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rochel\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Rochel\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- -- (bhyylicz)
DRV - [2012/03/29 20:46:34 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/03/29 20:46:34 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012/03/29 20:46:34 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/03/29 20:46:34 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/07/09 16:34:44 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/07/09 16:34:36 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/07/09 16:34:36 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009/10/01 21:31:40 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/05/13 12:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 12:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 12:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/04/30 22:55:58 | 002,686,872 | ---- | M] (Logicool Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 16:00:24 | 000,024,984 | ---- | M] (Logicool Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/16 00:03:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink
DRV - [2008/07/15 23:40:58 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope = {F8305D7D-CF69-465a-9003-813C6013A702}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:lyglkqaff6i&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:h6z8ss-efx2&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://chabadnc.org/
IE - HKCU\..\SearchScopes,DefaultScope = {7D25A8ED-6A9F-4ADB-ACE0-F2F75D1F165B}
IE - HKCU\..\SearchScopes\{7D25A8ED-6A9F-4ADB-ACE0-F2F75D1F165B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: gmail_sigs@blankcanvasweb.com:1.16.1b
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll (Code Systems Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Rochel\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Rochel\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/29 21:34:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/03/29 20:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/29 21:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/21 18:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/23 12:49:57 | 000,000,000 | ---D | M]

[2009/04/23 23:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Extensions
[2012/03/26 08:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions
[2010/05/06 14:16:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/06 14:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2011/07/24 11:21:12 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2012/03/26 08:08:09 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/06/24 00:42:00 | 000,000,000 | ---D | M] (FatWallet Tools) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\fatcash@fatwallet.com
[2010/03/12 15:58:44 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\LogMeInClient@logmein.com
[2011/04/29 13:19:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\nostmp
[2011/03/28 19:22:10 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\personas@christopher.beard
[2010/07/19 18:00:48 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\support@predictad.com
[2012/03/26 08:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\trash
[2012/01/01 21:08:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROCHEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FOEF8YBJ.DEFAULT\EXTENSIONS\{65E41D20-F092-41B7-BB83-C6E8A9AB0F57}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROCHEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FOEF8YBJ.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROCHEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FOEF8YBJ.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/03/21 18:42:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/20 12:27:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 12:27:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Rochel\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Rochel\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Spoon Plugin (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = 
default_pluginCHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\CHR - Extension: TrendMicro Toolbar = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.2.0.1035_0\O1 HOSTS File: ([2012/03/31 22:22:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Video Download Toolbar Intercept) - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\Program Files\VideoDownloadToolbar\VideoDownloadToolbarIntercept.dll (Sakysoft s.r.l. 
uninominale)O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not foundO4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)O4 - HKCU..\Run: [Logicool Vid] C:\Program Files\Logicool\Logicool Vid\vid.exe (Logicool Co., Ltd)O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Documents and Settings\Rochel\Application Data\CBS Interactive\CNET 
TechTracker\TechTracker.exe ()O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\MamaBargains.lnk = C:\Program Files\MamaBargains\MamaBargains\MamaBargains.exe ()O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.32.lnk = C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\Spoon-Sandbox-Native.exe ()O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92DCD7-91FF-45DA-A8C2-724596A291F2}: DhcpNameServer = 192.168.1.254O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend 
Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VMActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShowActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimationActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - 
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dllActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for JavaActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - UniscribeActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced AuthoringActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /installActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NTActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShowActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java ClassesActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUserActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICWActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET FrameworkActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web FoldersActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /installActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
C:\WINDOWS\system32\ie4uinit.exe -BaseSettingsActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,InstallActiveX: {8A1AD540-DEA7-C34D-5DE8-81DFBB3BB0D2} - Internet ExplorerActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUserActiveX: {8FF315A8-BB70-6141-9204-18040C39E700} - Browser CustomizationsActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax ProviderActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exeActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -ActiveX: {B55E267B-4F86-930D-DCB4-FF690BF0259C} - Microsoft Windows Media PlayerActiveX: {BB9C99C7-FFFE-3E43-2401-112C4D9599BC} - Vector Graphics Rendering (VML)ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET FrameworkActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET FrameworkActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task SchedulerActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash PlayerActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdateActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exeActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfigActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUPActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 
IEDKCS32.DLL,BrandIE4 SIGNUPActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOEActiveX: Microsoft Base Smart Card Crypto Provider Package -NetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not foundMsConfig - StartUpFolder: C:^Documents and Settings^Rochel^Start Menu^Programs^Startup^ACTPrinter Win.exe.lnk - C:\Documents and Settings\Rochel\Application Data\Microsoft\Installer\{8048F8E1-4A09-4EE8-BC72-01B49B999CE4}\_ACF4DAA81DB585838F4CFA.exe - ()MsConfig - StartUpReg: avast - hkey= - key= - File not foundMsConfig - State: "system.ini" - 0MsConfig - State: "win.ini" - 0MsConfig - State: "bootini" - 0MsConfig - State: "services" - 0MsConfig - State: "startup" - 0CREATERESTOREPOINTRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/04/01 19:47:59 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rochel\Desktop\OTL.exe[2012/03/31 22:25:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS[2012/03/31 21:47:09 | 004,452,445 | R--- | C] (Swearware) -- C:\Documents and Settings\Rochel\Desktop\ComboFix.exe[2012/03/30 13:10:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rochel\Start Menu\Programs\Administrative Tools[2012/03/30 13:10:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rochel\Desktop\dds.com[2012/03/29 22:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2[2012/03/29 22:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF[2012/03/29 22:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles[2012/03/29 22:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrimoPDF[2012/03/29 20:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rochel\Start 
Menu\Programs\Trend Micro Titanium Maximum Security 2012[2012/03/29 20:56:51 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys[2012/03/29 20:56:46 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2012/03/29 20:56:46 | 000,081,168 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys[2012/03/29 20:56:46 | 000,068,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys[2012/03/29 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2012/03/29 20:06:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/03/29 18:01:03 | 000,000,000 | RHSD | C] -- C:\cmdcons[2012/03/29 15:11:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2012/03/29 15:11:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2012/03/29 15:11:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2012/03/29 15:11:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2012/03/29 15:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2012/03/29 14:27:56 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/03/29 10:33:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC[2012/03/28 22:40:29 | 000,000,000 | ---D | C] -- C:\Config.Msi[2012/03/27 19:42:49 | 000,000,000 | ---D | C] -- C:\temp[2012/03/27 16:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Trend Micro[2012/03/27 16:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Trend Micro[2012/03/27 16:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro[2012/03/27 15:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai[2012/01/31 17:53:03 | 032,853,760 | ---- | C] (Code Systems Corporation) -- C:\Program Files\spoon-plugin-dotnet.exe[2012/01/01 20:47:30 | 015,292,208 | ---- | C] (Mozilla) -- 
C:\Program Files\Firefox Setup 9.0.1.exe[2011/08/18 23:14:15 | 003,089,056 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe[2011/07/24 12:05:28 | 065,981,368 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe[2011/07/24 11:17:19 | 006,062,368 | ---- | C] (Sakysoft s.r.l. uninominale ) -- C:\Program Files\video-download-toolbar-setup.exe[2011/07/24 10:40:23 | 008,532,623 | ---- | C] (GetFLV, Inc. ) -- C:\Program Files\gfsetup.exe[2011/07/17 15:07:24 | 014,276,088 | ---- | C] (Google Inc.) -- C:\Program Files\picasa38-setup.exe[2011/06/14 21:45:59 | 004,117,040 | ---- | C] (CBS Interactive) -- C:\Program Files\CNET_TechTracker_2_0_3_59_a_Setup.exe[2011/05/25 18:59:37 | 030,459,048 | ---- | C] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe[2011/04/29 13:05:23 | 012,521,992 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe[2011/04/06 13:52:03 | 080,298,280 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe[2010/11/14 00:01:39 | 002,443,360 | ---- | C] (http://www.divine-project.com/ ) -- C:\Program Files\divine-setup.exe[2010/10/04 14:26:50 | 000,947,592 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe[2010/09/15 18:38:50 | 007,633,259 | ---- | C] (FocusSoft.net ) -- C:\Program Files\fmcjsetup.exe[2010/09/15 18:31:00 | 004,585,944 | ---- | C] (ManiacTools.com ) -- C:\Program Files\mp3-splitter-joiner.exe[2010/07/26 15:31:14 | 030,218,224 | ---- | C] (IObit ) -- C:\Program Files\asc-setup.exe[2010/07/25 23:59:19 | 001,155,635 | ---- | C] (ESCV ) -- C:\Program Files\EasyScreenCaptureVideo.exe[2010/07/20 22:38:11 | 000,689,560 | ---- | C] (IObit) -- C:\Program Files\iobituninstaller.exe[2010/07/19 17:58:47 | 002,411,072 | ---- | C] (CooolSoft, Inc. 
) -- C:\Program Files\MP3Cutter.EXE[2010/07/19 16:48:47 | 038,084,600 | ---- | C] (RapidSolution Software AG) -- C:\Program Files\tunebite.exe[2010/06/24 14:31:54 | 008,587,672 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.4.exe[2010/06/22 14:40:45 | 032,532,792 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup.exe[2010/05/06 16:35:19 | 000,562,864 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleVoiceAndVideoSetup.exe[2010/04/18 23:01:07 | 000,562,848 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe[2010/04/16 17:47:31 | 004,071,176 | ---- | C] (Uniblue Systems Ltd ) -- C:\Program Files\registrybooster.exe[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/04/01 19:47:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rochel\Desktop\OTL.exe[2012/04/01 19:43:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005UA.job[2012/04/01 19:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2012/04/01 19:12:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2012/04/01 09:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005Core.job[2012/04/01 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ROCHELHOMEPC-Rochel.job[2012/03/31 22:26:08 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\MamaBargains.lnk[2012/03/31 22:24:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2012/03/31 22:22:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2012/03/31 22:21:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2012/03/31 21:46:01 | 000,002,273 | ---- | M] () -- C:\Documents and 
Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2012/03/31 21:46:00 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Rochel\Desktop\Google Chrome.lnk[2012/03/31 21:39:54 | 004,452,445 | R--- | M] (Swearware) -- C:\Documents and Settings\Rochel\Desktop\ComboFix.exe[2012/03/31 21:31:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2012/03/31 21:30:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job[2012/03/30 13:10:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rochel\Desktop\dds.com[2012/03/29 22:07:21 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk[2012/03/29 22:07:20 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk[2012/03/29 22:07:19 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk[2012/03/29 22:06:29 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk[2012/03/29 22:06:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Rochel\Desktop\Windows Media Player.lnk[2012/03/29 22:06:27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb[2012/03/29 22:06:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb[2012/03/29 22:04:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf[2012/03/29 22:02:57 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk[2012/03/29 22:02:19 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini[2012/03/29 20:57:43 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\Rochel\Desktop\Trend Micro Titanium Maximum Security 2012.lnk[2012/03/29 20:56:44 | 000,525,700 
| ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2012/03/29 20:56:44 | 000,102,070 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2012/03/29 20:55:31 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\SupportTool.exe.bat[2012/03/29 20:46:34 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2012/03/29 20:46:34 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys[2012/03/29 20:46:34 | 000,081,168 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys[2012/03/29 20:46:34 | 000,068,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys[2012/03/29 18:01:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini[2012/03/29 17:47:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2012/03/29 14:36:10 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro Titanium Maximum Security 2012 (2).lnk[2012/03/29 10:04:52 | 000,644,658 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB[2012/03/27 22:06:44 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Rochel\My Documents\spider.sav[2012/03/27 15:54:07 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT[2012/03/27 12:51:23 | 000,001,017 | ---- | M] () -- C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\Dropbox.lnk[2012/03/27 12:51:23 | 000,001,017 | ---- | M] () -- C:\Documents and Settings\Rochel\Desktop\Dropbox.lnk[2012/03/25 20:08:05 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Adobe PNG Format CS5 Prefs[2012/03/23 12:49:58 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk[2012/03/14 09:55:14 | 003,977,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2012/03/04 02:35:42 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs[1 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files Created - No Company Name ==========[2012/03/29 22:04:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf[2012/03/29 22:04:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK[2012/03/29 22:02:57 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk[2012/03/29 20:57:42 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\Rochel\Desktop\Trend Micro Titanium Maximum Security 2012.lnk[2012/03/29 18:01:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak[2012/03/29 18:01:06 | 000,260,272 | RHS- | C] () -- C:\cmldr[2012/03/29 15:11:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe[2012/03/29 15:11:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe[2012/03/29 15:11:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2012/03/29 15:11:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2012/03/29 15:11:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2012/03/29 14:36:10 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro Titanium Maximum Security 2012 (2).lnk[2012/03/28 15:54:26 | 000,644,658 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB[2012/03/27 16:10:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat[2012/03/23 12:49:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk[2012/03/23 12:49:58 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk[2012/02/26 10:32:22 | 000,000,326 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\PrimoPDFSet.xml[2012/02/16 01:30:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2012/02/02 00:40:22 | 000,538,200 | ---- | C] () -- 
Fcvolunteer Posted April 2, 2012 Author ID:539109
OTL Extras logfile created on: 4/1/2012 7:54:04 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rochel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Titanium"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0"{B4749B38-C5BD-4A02-8E9F-C1EF7CCEA651}" = Adobe Creative Suite 5.5 Web Premium"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update"{C6887F84-0895-7B5A-B0BF-8D5F9A448C7D}" = Picaboo X"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker"{D6BCB0B1-9AC8-407B-B679-F925A01F2B2C}" = Bonjour Print Services"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media 
Encoder 9 Series"{E673420E-340A-3AA2-DBD3-4B7B298303CF}" = MamaBargains"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR"Act Printer" = Act Printer"Adobe AIR" = Adobe AIR"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.6"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3"Advanced SystemCare 5_is1" = Advanced SystemCare 5"AVS Update Manager_is1" = AVS Update Manager 1.0"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2"Carbonite Backup" = Carbonite"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"CoffeeCup Free FTP 4.2" = CoffeeCup Free FTP"com.adobe.dmp.contentviewer" = Adobe Content Viewer"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X"ENTERPRISE" = Microsoft Office Enterprise 2007"Focus MP3 Cutter Joiner_is1" = Focus MP3 Cutter Joiner 3.5"Game Booster_is1" = Game Booster"GanttProject" = GanttProject"HDMI" = Intel® Graphics Media Accelerator Driver"ie8" = Windows Internet Explorer 8"index.htm.MamaBargains" = MamaBargains"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = 
SmartSound Quicktracks Plugin"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio"IObit Malware Fighter_is1" = IObit Malware Fighter"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft SQL Server 2005" = Microsoft SQL Server 2005"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"Picasa 3" = Picasa 3"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter v5.2.0.0"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software"RocketLife" = RocketLife"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software"ShapeCollage" = Shape Collage"SMALLBUSINESSR" = Microsoft Office Small Business 2007 Trial"Smart Defrag 2_is1" = Smart Defrag 2"SmartDraw 2012" = SmartDraw 2012"Video Download FileBulldog Toolbar" = Video Download FileBulldog Toolbar"Video Download Toolbar_is1" = Video Download Toolbar 2.1.0.0"Windows Media Encoder 9" = Windows Media Encoder 9 Series"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"WinLiveSuite_Wave3" = Windows Live Essentials"WinRAR archiver" = WinRAR archiver"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Akamai" = Akamai NetSession Interface"CNET TechTracker" = CNET TechTracker"Dropbox" = Dropbox"Google Chrome" = Google Chrome"Spoon Sandbox Manager 3.32" = Spoon Sandbox Manager 3.32========== Last 10 Event Log Errors ==========[ Application Events ]Error - 
3/30/2012 3:36:04 PM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error - 3/30/2012 7:36:54 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/30/2012 7:36:54 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1937

Error - 3/30/2012 7:36:54 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1937

Error - 3/30/2012 7:36:56 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/30/2012 7:36:56 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4000

Error - 3/31/2012 9:28:13 PM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 3/31/2012 9:28:14 PM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error - 3/31/2012 9:28:17 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/1/2012 7:42:30 AM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

[ OSession Events ]
Error - 10/9/2009 12:01:01 PM | Computer Name = ROCHELHOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2749 seconds with 120 seconds of active time. This session ended with a crash.

Error - 5/26/2010 3:47:54 PM | Computer Name = ROCHELHOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6527.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 837661 seconds with 360 seconds of active time. This session ended with a crash.

Error - 12/6/2011 1:56:19 PM | Computer Name = ROCHELHOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 343322 seconds with 4500 seconds of active time. This session ended with a crash.

Error - 3/27/2012 12:51:25 AM | Computer Name = ROCHELHOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 284597 seconds with 960 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/30/2012 6:00:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901
Description = The At67.job command failed to start due to the following error: %%2147942402

Error - 3/30/2012 6:34:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 3/30/2012 7:00:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402

Error - 3/30/2012 7:00:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901
Description = The At68.job command failed to start due to the following error: %%2147942402

Error - 3/30/2012 7:34:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 3/31/2012 9:28:24 PM | Computer Name = ROCHELHOMEPC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.69 on the Network Card with network address 0023AE7951FF.

Error - 3/31/2012 9:34:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901
Description = The At22.job command failed to start due to the following error: %%2147942402

Error - 3/31/2012 9:51:35 PM | Computer Name = ROCHELHOMEPC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

Error - 3/31/2012 10:08:49 PM | Computer Name = ROCHELHOMEPC | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/31/2012 10:10:57 PM | Computer Name = ROCHELHOMEPC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

< End of report >
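As an added triage example (not part of this thread, and not code from OTL's author): the "Last 10 Event Log Errors" block above is machine output that the page shows flattened into one run of text. The script below splits such a block back into records, counts them per source and event ID so repeated failures stand out, decodes the %%2147942402 value carried by the Schedule errors as the HRESULT 0x80070002 (Win32 error 2, ERROR_FILE_NOT_FOUND), and lists the AtNN.job tasks that the Task Scheduler could not start. The input is a constructed sample in the same shape as the log above, with the host name EXAMPLE-PC standing in; all function and constant names are this example's own.

```python
"""Triage helper for the 'Last 10 Event Log Errors' block that OTL writes.

SAMPLE_LOG is a constructed sample in the same flattened shape as the
log in the thread: records run together, 'Description = ' is glued to
the event ID, and '[ ... Events ]' section headers are glued to the
preceding record. The host name EXAMPLE-PC is a placeholder.
"""
import re
from collections import Counter

SAMPLE_LOG = (
    "[ Application Events ]"
    "Error - 3/30/2012 3:36:04 PM | Computer Name = EXAMPLE-PC | Source = crypt32 | ID = 131080"
    "Description = Failed auto update retrieval of third-party root list sequence number "
    "with error: A connection with the server could not be established "
    "Error - 3/30/2012 7:36:54 PM | Computer Name = EXAMPLE-PC | Source = Bonjour Service | ID = 100"
    "Description = Task Scheduling Error: Continuously busy for more than a second"
    "[ System Events ]"
    "Error - 3/30/2012 6:00:00 PM | Computer Name = EXAMPLE-PC | Source = Schedule | ID = 7901"
    "Description = The At67.job command failed to start due to the following error: %%2147942402"
    "Error - 3/30/2012 6:34:00 PM | Computer Name = EXAMPLE-PC | Source = Schedule | ID = 7901"
    "Description = The At19.job command failed to start due to the following error: %%2147942402"
    "Error - 3/31/2012 9:51:35 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7034"
    "Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s)."
)

# One record: timestamp, host, source, numeric event ID, free-text description.
RECORD_RE = re.compile(
    r"Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| "
    r"ID = (?P<id>\d+)\s*Description = (?P<desc>.*)",
    re.S,
)
# Every 'Error - <date>' starts a new record; the lookahead keeps the text in the chunk.
SPLIT_RE = re.compile(r"(?=Error - \d{1,2}/\d{1,2}/\d{4} )")
SECTION_RE = re.compile(r"\[ \w+ Events \]")

# Win32 error numbers that commonly surface inside %%-encoded HRESULTs.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}


def decode_event_code(code):
    """Render a %%NNNN decimal code as an HRESULT. Facility 7 (FACILITY_WIN32)
    carries a Win32 error number in the low 16 bits."""
    if code & 0x80000000 and ((code >> 16) & 0x7FF) == 7:
        win32 = code & 0xFFFF
        return "0x%08X (Win32 %d: %s)" % (code, win32, WIN32_NAMES.get(win32, "unknown"))
    return "0x%08X" % code


def parse_otl_event_errors(text):
    """Split the flattened block into records and return them as dicts."""
    records = []
    for chunk in SPLIT_RE.split(text):
        m = RECORD_RE.match(chunk)
        if not m:
            continue  # a section header or leading text, not a record
        rec = m.groupdict()
        rec["id"] = int(rec["id"])
        rec["host"] = rec["host"].strip()
        rec["source"] = rec["source"].strip()
        rec["desc"] = SECTION_RE.sub("", rec["desc"]).strip()
        rec["codes"] = [decode_event_code(int(c)) for c in re.findall(r"%%(\d+)", rec["desc"])]
        records.append(rec)
    return records


def summarize(records):
    """Count records per (source, event ID) so repeated failures stand out."""
    return Counter((r["source"], r["id"]) for r in records)


def failed_scheduled_jobs(records):
    """Names of *.job tasks the Task Scheduler could not start (Schedule, ID 7901).
    These are worth reconciling against what is actually in the Tasks folder."""
    jobs = []
    for r in records:
        if r["source"] == "Schedule" and r["id"] == 7901:
            m = re.search(r"The (\S+\.job) command failed", r["desc"])
            if m:
                jobs.append(m.group(1))
    return jobs


if __name__ == "__main__":
    recs = parse_otl_event_errors(SAMPLE_LOG)
    for (source, event_id), n in summarize(recs).most_common():
        print("%-25s ID %-7d x%d" % (source, event_id, n))
    for r in recs:
        if r["codes"]:
            print(r["ts"], r["desc"], "->", ", ".join(r["codes"]))
    print("failed jobs:", failed_scheduled_jobs(recs))
```

Run against the real block, the same grouping shows that the crypt32 messages are all root-list update failures (one of them a certificate-validity failure against the system clock, which makes the machine's date and time worth a look) and that six different AtNN.job tasks failed to start with "file not found", so the Tasks folder on the machine should be reconciled against the jobs the user actually created.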
Larusso Posted April 2, 2012 ID:539226

Thanks.

Advanced SystemCare 5 and IObit Malware Fighter

IObit is rogue software based in China that is stealing and incorporating proprietary databases and intellectual property into their software. Please read this link, which explains why I do not recommend this kind of software.

So please:

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

All instances of IObit

Double click on the OTL icon to run it.
Copy/paste the entire contents of the codebox below into the Box:

:processes
killallprocesses
:otl
DRV - File not found [Kernel | Boot | Stopped] -- -- (bhyylicz)
:files
dir /s /a /b C:\WINDOWS\XSxS /c
C:\I386\sp3.cab:i8042prt.sys /e
C:\WINDOWS\system32\drivers\i8042prt.sys | c:\i8042prt.sys /replace
:commands
[reboot]

Please close all other programs now. Then click the Run Fix button at the top. OTL may ask to reboot the machine. Please do so if asked. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Please post the log in your next reply.

Disable your AntiVirus and AntiSpyware applications.
Double click on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.
Fcvolunteer Posted April 2, 2012 Author ID:539248

Thanks for the information on IObit and Advanced System Care. I removed both of them as you suggested, but when I removed Advanced System Care I got a pop-up that said some components would have to be uninstalled manually but didn't say what they were.

Here's the OTL log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Service bhyylicz stopped successfully!
Service bhyylicz deleted successfully!
========== FILES ==========
< dir /s /a /b C:\WINDOWS\XSxS /c >
C:\WINDOWS\XSxS\Manifests
C:\WINDOWS\XSxS\X86_alink@1.0.0.0
C:\WINDOWS\XSxS\X86_applaunch@1.0.0.0
C:\WINDOWS\XSxS\X86_CORPerfMonExt@1.0.0.0
C:\WINDOWS\XSxS\X86_csc@1.0.0.0
C:\WINDOWS\XSxS\X86_cscomp@1.0.0.0
C:\WINDOWS\XSxS\X86_culture@1.0.0.0
C:\WINDOWS\XSxS\X86_CustomMarshalers@1.0.0.0
C:\WINDOWS\XSxS\X86_cvtres@1.0.0.0
C:\WINDOWS\XSxS\X86_dfdll@1.0.0.0
C:\WINDOWS\XSxS\X86_diasymreader@1.0.0.0
C:\WINDOWS\XSxS\X86_fusion@1.0.0.0
C:\WINDOWS\XSxS\X86_ilasm@1.0.0.0
C:\WINDOWS\XSxS\X86_ISymWrapper@1.0.0.0
C:\WINDOWS\XSxS\x86_Microsoft.VC80.CRT@8.0.50727.1433
C:\WINDOWS\XSxS\X86_mscordbc@1.0.0.0
C:\WINDOWS\XSxS\X86_mscordbi@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorie@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorjit@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorld@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorpe@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorsec@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorsn@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorsvc@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorsvw@1.0.0.0
C:\WINDOWS\XSxS\X86_mscortim@1.0.0.0
C:\WINDOWS\XSxS\X86_mscorwks@1.0.0.0
C:\WINDOWS\XSxS\X86_ngen@1.0.0.0
C:\WINDOWS\XSxS\X86_normalization@1.0.0.0
C:\WINDOWS\XSxS\X86_perfcounter@1.0.0.0
C:\WINDOWS\XSxS\X86_peverify@1.0.0.0
C:\WINDOWS\XSxS\X86_shfusion@1.0.0.0
C:\WINDOWS\XSxS\X86_shfusres@1.0.0.0
C:\WINDOWS\XSxS\X86_System.Data.OracleClient@1.0.0.0
C:\WINDOWS\XSxS\X86_System.Data@1.0.0.0
C:\WINDOWS\XSxS\X86_System.EnterpriseServices.Wrapper@1.0.0.0
C:\WINDOWS\XSxS\X86_System.EnterpriseServices@2.0.0.0
C:\WINDOWS\XSxS\X86_System.Transactions@1.0.0.0
C:\WINDOWS\XSxS\X86_vbc@1.0.0.0
C:\WINDOWS\XSxS\X86_webengine@1.0.0.0
C:\WINDOWS\XSxS\X86_WMINet_Utils@1.0.0.0
C:\WINDOWS\XSxS\_MSBuild@2.0.0.0
C:\Documents and Settings\Rochel\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Rochel\Desktop\cmd.txt deleted successfully.
i8042prt.sys extracted to C:\
File C:\WINDOWS\system32\drivers\i8042prt.sys successfully replaced with c:\i8042prt.sys
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.39.2 log created on 04022012_121349
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Here's the Combofix log:

ComboFix 12-03-31.03 - Rochel 04/02/2012 12:22:52.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3061.2281 [GMT -4:00]
Running from: c:\documents and settings\Rochel\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 16:13 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-02 16:13 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-04-02 16:13 . 2008-04-14 04:48 52480 ----a-w- C:\i8042prt.sys
2012-04-02 16:13 . 2012-04-02 16:13 -------- d-----w- C:\_OTL
2012-03-30 02:06 . 2012-03-30 02:06 -------- d-----w- c:\program files\Windows Media Connect 2
2012-03-30 02:04 . 2012-03-30 02:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-03-30 02:04 . 2012-03-30 02:04 -------- d-----w- c:\windows\system32\LogFiles
2012-03-30 00:56 . 2012-03-30 00:46 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-03-30 00:56 . 
2012-03-30 00:46 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys2012-03-30 00:56 . 2012-03-30 00:46 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys2012-03-30 00:56 . 2012-03-30 00:46 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys2012-03-30 00:46 . 2012-03-30 00:59 -------- d-----w- c:\program files\Trend Micro2012-03-30 00:06 . 2012-03-30 00:06 -------- d-----w- C:\TDSSKiller_Quarantine2012-03-29 03:44 . 2012-03-29 03:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla2012-03-29 03:31 . 2012-03-29 03:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2012-03-29 02:35 . 2012-03-29 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2012-03-27 23:42 . 2012-03-27 23:42 -------- d-----w- C:\temp2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Trend Micro2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro2012-03-27 20:10 . 2012-03-30 00:55 56 ----a-w- c:\windows\system32\SupportTool.exe.bat2012-03-27 20:09 . 2012-03-30 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro2012-03-27 19:36 . 2012-03-30 00:45 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Akamai2012-03-21 22:42 . 2012-03-21 22:42 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll2012-03-21 22:42 . 2012-03-21 22:42 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-02-06 23:42 . 2011-08-19 03:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys2012-02-02 04:40 . 
2012-02-02 04:40 538200 ----a-w- c:\program files\smartdraw_11E_QDO56_setup.exe2012-01-31 21:57 . 2012-01-31 21:53 32853760 ----a-w- c:\program files\spoon-plugin-dotnet.exe2012-01-22 18:42 . 2010-07-26 19:31 30218224 ----a-w- c:\program files\asc-setup.exe2012-01-11 19:06 . 2012-02-16 05:30 3072 ------w- c:\windows\system32\iacenc.dll2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-01-02 00:51 . 2012-01-02 00:47 15292208 ----a-w- c:\program files\Firefox Setup 9.0.1.exe2011-12-12 04:22 . 2011-12-12 04:14 64207032 ----a-w- c:\program files\setup_av_free_cnet.exe2011-12-08 20:55 . 2011-12-08 20:55 108 ----a-w- c:\program files\hirtcamp.com2011-08-19 15:16 . 2011-08-19 03:14 3089056 ----a-w- c:\program files\install_flash_player.exe2011-07-24 16:14 . 2011-07-24 16:05 65981368 ----a-w- c:\program files\AVSVideoConverter.exe2011-07-24 15:17 . 2011-07-24 15:17 6062368 ----a-w- c:\program files\video-download-toolbar-setup.exe2011-07-24 15:08 . 2011-07-24 15:08 858940 ----a-w- c:\program files\toolbar_setup411.exe2011-07-24 15:02 . 2011-07-24 15:02 5153792 ----a-w- c:\program files\YouTubeDownloaderSetup32.exe2011-07-24 14:40 . 2011-07-24 14:40 8532623 ----a-w- c:\program files\gfsetup.exe2011-07-17 19:08 . 2011-07-17 19:07 14276088 ----a-w- c:\program files\picasa38-setup.exe2011-06-15 01:46 . 2011-06-15 01:45 4117040 ----a-w- c:\program files\CNET_TechTracker_2_0_3_59_a_Setup.exe2011-05-29 21:55 . 2011-05-29 21:49 56923744 ----a-w- c:\program files\setup_av_free.exe2011-05-25 23:03 . 2011-05-25 22:59 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe2011-05-13 15:48 . 2011-05-13 15:43 2431520 ----a-w- c:\program files\AdobeDownloadAssistant.exe2011-04-29 17:06 . 2011-04-29 17:05 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe2011-04-12 00:54 . 2011-04-12 00:47 51349520 ----a-w- c:\program files\avira_antivir_personal_en.exe2011-04-06 17:58 . 
2011-04-06 17:52 80298280 ----a-w- c:\program files\iTunesSetup.exe2010-11-23 20:48 . 2010-11-23 20:47 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe2010-11-14 04:02 . 2010-11-14 04:01 2443360 ----a-w- c:\program files\divine-setup.exe2010-10-04 18:26 . 2010-10-04 18:26 947592 ----a-w- c:\program files\SkypeSetup.exe2010-09-28 15:42 . 2010-09-28 15:41 225672 ----a-w- c:\program files\CrucialScan.exe2010-09-27 00:53 . 2010-09-27 00:53 469504 ----a-w- c:\program files\ACTPrinterSetup.exe2010-09-15 22:39 . 2010-09-15 22:38 7633259 ----a-w- c:\program files\fmcjsetup.exe2010-09-15 22:31 . 2010-09-15 22:31 4585944 ----a-w- c:\program files\mp3-splitter-joiner.exe2010-09-15 05:02 . 2009-10-22 02:49 2007072 ----a-w- c:\program files\mp3joiner_setup.exe2010-07-21 02:42 . 2010-07-21 02:41 3087086 ----a-w- c:\program files\mp3cutterjoiner.exe2010-07-21 02:38 . 2010-07-21 02:38 689560 ----a-w- c:\program files\iobituninstaller.exe2010-07-19 21:59 . 2010-07-19 21:58 2411072 ----a-w- c:\program files\MP3Cutter.EXE2010-07-19 20:52 . 2010-07-19 20:48 38084600 ----a-w- c:\program files\tunebite.exe2010-06-24 18:32 . 2010-06-24 18:31 8587672 ----a-w- c:\program files\Firefox Setup 3.6.4.exe2010-06-22 18:43 . 2010-06-22 18:40 32532792 ----a-w- c:\program files\SafariSetup.exe2010-05-06 20:35 . 2010-05-06 20:35 562864 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe2010-04-19 03:01 . 2010-04-19 03:01 562848 ----a-w- c:\program files\GoogleEarthSetup.exe2010-04-19 02:08 . 2010-04-19 02:08 529800 ----a-w- c:\program files\smartdraw_10E_H3HE9_A_setup.exe2010-04-16 21:47 . 2010-04-16 21:47 4071176 ----a-w- c:\program files\registrybooster.exe2010-02-22 02:35 . 2010-02-22 02:16 82452960 ----a-w- c:\program files\a897_PCStudio.exe2010-01-08 03:20 . 2010-01-08 03:19 11029387 ----a-w- c:\program files\aoaaudioextractor.exe2009-12-02 18:38 . 2009-12-02 18:38 6599680 ----a-w- c:\program files\DingInstall-1.05.exe2009-11-10 05:28 . 
2009-11-10 05:28 72946 ----a-w- c:\program files\ears.com2009-11-02 00:40 . 2009-11-02 00:39 21785928 ----a-w- c:\program files\cuteftppro.exe2009-10-30 18:03 . 2009-10-30 18:03 1505049 ----a-w- c:\program files\Mp3nity_2.1_Setup.exe2009-10-23 01:01 . 2009-10-23 01:01 7492592 ----a-w- c:\program files\CoffeeFreeFTPInstaller4.2.exe2009-09-08 17:35 . 2009-09-08 17:34 4938616 ----a-w- c:\program files\Silverlight.exe2009-07-28 04:05 . 2009-07-28 04:05 1876292 ----a-w- c:\program files\freeripmp3.exe2009-07-28 03:51 . 2009-07-28 03:50 2693610 ----a-w- c:\program files\swmsetup.exe2009-07-28 02:57 . 2009-07-28 02:55 12154344 ----a-w- c:\program files\SFTPMSI.exe2009-07-23 15:26 . 2009-07-23 15:25 7858801 ----a-w- c:\program files\Freeware_PrimoPDF.exe2009-07-21 20:00 . 2009-07-21 20:00 6537 ----a-w- c:\program files\jquery.tools.min.js2009-07-17 16:37 . 2009-07-17 16:37 3654395 ----a-w- c:\program files\ybkfull.exe2009-07-10 16:46 . 2009-07-10 16:46 1234120 ----a-w- c:\program files\wrar380.exe2009-07-08 19:02 . 2009-07-08 19:01 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe2009-04-30 23:14 . 2009-04-30 23:14 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe2009-04-29 17:04 . 2009-04-29 17:04 2967800 ----a-w- c:\program files\mbam-setup.exe2009-04-24 20:49 . 2009-04-24 20:49 1878888 ----a-w- c:\program files\Adobe Acrobat 9 Pro.lnk.exe2009-04-24 20:33 . 2009-04-24 20:17 342437920 ----a-w- c:\program files\AcroPro90_efg.exe2004-05-25 03:01 . 2010-07-26 03:59 1155635 ----a-w- c:\program files\EasyScreenCaptureVideo.exe2012-03-21 22:42 . 2012-02-20 16:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll.<pre>c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exec:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe</pre>.((((((((((((((((((((((((((((( SnapShot@2012-04-01_02.22.33 ))))))))))))))))))))))))))))))))))))))))).+ 2012-04-02 16:38 . 
2012-04-02 16:38 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat+ 2012-04-02 16:31 . 2012-04-02 16:31 16384 c:\windows\Temp\Perflib_Perfdata_270.dat+ 2012-04-02 16:31 . 2012-04-02 16:31 16384 c:\windows\Temp\Perflib_Perfdata_12c.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]@="{95A27763-F62A-4114-9072-E81D87DE3B68}"[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]@="{E300CD91-100F-4E67-9AF3-1384A6124015}"[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 
05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Logicool Vid"="c:\program files\Logicool\Logicool Vid\vid.exe" [2009-06-02 5451536]"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]"Akamai NetSession Interface"="c:\documents and settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-19 141848]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-19 150040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-19 170520]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" 
[2011-03-30 499608]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].c:\documents and settings\Rochel\Start Menu\Programs\Startup\CNET TechTracker.lnk - c:\documents and settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]Dropbox.lnk - c:\documents and settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]MamaBargains.lnk - c:\program files\MamaBargains\MamaBargains\MamaBargains.exe [2011-12-2 142848].c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]2009-10-02 01:31 87352 ----a-w- c:\windows\system32\LMIinit.dll.[HKLM\~\startupfolder\C:^Documents and Settings^Rochel^Start Menu^Programs^Startup^ACTPrinter Win.exe.lnk]path=c:\documents and settings\Rochel\Start Menu\Programs\Startup\ACTPrinter Win.exe.lnkbackup=c:\windows\pss\ACTPrinter Win.exe.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]c:\program files\AVAST Software\Avast\avastUI.exe [N/A].[HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\TrendAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"="c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"="c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"="c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"="c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"="c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Documents and Settings\\Rochel\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"="c:\\Program Files\\Logicool\\Logicool Vid\\Vid.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management "1475:TCP"= 1475:TCP:Akamai NetSession 
Interface"5000:UDP"= 5000:UDP:Akamai NetSession Interface.R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/16/2009 7:00 AM 24064]R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/14/2011 9:55 PM 13496]R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/29/2012 8:56 PM 68368]R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/29/2012 8:54 PM 200632]R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/16/2009 7:00 AM 176640]R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2/21/2010 10:42 PM 90240]S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2/21/2010 10:42 PM 14976]S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2/21/2010 10:42 PM 121856]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec 
Pack\InstallerHelper.exe.Contents of the 'Scheduled Tasks' folder.2012-04-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROCHELHOMEPC-Rochel.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-13 12:46].2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42].2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42].2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005Core.job- c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17].2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005UA.job- c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17].2012-04-02 c:\windows\Tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://chabadnc.org/uInternet Settings,ProxyOverride = *.local;<local>TCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\documents and settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\FF - prefs.js: network.proxy.type - 0FF - user.js: browser.cache.memory.capacity - 65536FF - user.js: browser.chrome.favicons - falseFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.turbo.enabled - trueFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.urlbar.autofill - trueFF - user.js: content.interrupt.parsing - trueFF - user.js: content.max.tokenizing.time - 2250000FF - user.js: content.notify.backoffcount - 5FF - user.js: content.notify.interval - 750000FF - user.js: content.notify.ontimer - trueFF - user.js: content.switch.threshold - 750000FF - user.js: network.http.max-connections - 
48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 8FF - user.js: network.http.pipelining - trueFF - user.js: network.http.pipelining.firstrequest - trueFF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.proxy.pipelining - trueFF - user.js: network.http.request.max-start-delay - 0FF - user.js: nglayout.initialpaint.delay - 0FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-04-02 12:35Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\.[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7776FADB-5620-C489-58F0-FC82D8C4EC96}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"oaimpbidhbgigknbpekkeoojlngnpl"=hex:64,61,69,6f,70,68,6a,6c,00,85"oaephfdalammeeihecaafkgjcipaff"=hex:6b,61,69,6f,69,69,6a,6e,61,6b,6d,67,61,62, 68,70,67,6b,6a,6d,6e,69,00,7c"naolndnkagbaagahpjndhoccnikc"=hex:69,61,62,6f,63,66,6f,61,6a,68,61,62,61,6f, 
63,62,6b,6b,00,ff.[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDC4B717-3FBD-D5D9-78C3-A2D963B7FF7D}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"oahnphlmgkkobkllacpchhnhnoacic"=hex:64,61,67,64,6d,6a,62,68,00,85"oadpodbfgifogmlcgopoocoffpbkfc"=hex:6b,61,68,64,63,6a,6e,67,62,65,6a,6f,67,69, 68,63,67,66,63,69,69,69,00,00"najobieokkghglombobpmhohjcpm"=hex:6a,61,67,64,6e,6a,65,68,6c,68,65,67,6d,69, 6a,68,64,67,67,66,00,0f.[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D17F1DB2-E15B-47E1-2D85-82110FD3EE91}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"iaogcakdeakhgofdkb"=hex:6a,61,70,62,6e,62,6b,70,6e,6c,6c,6e,62,65,6a,70,62,66, 6b,61,00,f2"hamheoaoohmccjpl"=hex:6a,61,62,62,70,68,6f,6e,67,62,6f,70,66,6a,62,61,65,67, 68,61,00,f2"ganhgdhgpjloed"=hex:61,63,6e,62,68,62,63,62,6d,65,61,66,6d,62,6b,63,64,6d,67, 6d,65,6e,6c,65,6d,64,69,6e,66,68,68,70,62,6b,69,68,70,6b,65,6c,66,65,66,6f,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1068)c:\windows\system32\LMIinit.dll.- - - - - - - > 'explorer.exe'(5560)c:\windows\system32\WININET.dllc:\windows\TEMP\logishrd\LVPrcInj01.dllc:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dllc:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Roxio\Drag-to-Disc\Shellex.dllc:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLLc:\program files\Roxio\Drag-to-Disc\ShellRes.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes 
------------------------
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-04-02 12:41:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 16:41
ComboFix2.txt 2012-04-01 02:31
.
Pre-Run: 241,274,155,008 bytes free
Post-Run: 241,236,877,312 bytes free
.
- - End Of File - - 314C27E369634B4440A1C8C790D27805
Larusso Posted April 3, 2012 ID:539419

Well done.

Open Notepad and copy/paste the text in the code box below into it:

<pre>
File::
C:\i8042prt.sys

RenV::
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe

FileLook::
c:\program files\ybkfull.exe
</pre>

Save this as CFScript.txt, in the same location as ComboFix.exe.

Close any open browsers. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
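The script above targets two things visible in the first log: a file named like the Windows i8042 (PS/2 keyboard and mouse) port driver, i8042prt.sys, sitting at the root of C:\ instead of in c:\windows\system32\drivers, and legitimate startup executables whose names have had a space inserted before .exe (Acrobat_sl .exe, Acrotray .exe), which ComboFix lists between <pre> tags and which the RenV:: lines in the script address. The second log's <pre> block still lists eleven more such names. The following Python is an added triage example written for this thread, not ComboFix's or the helper's code: it pulls the paths out of a log excerpt, flags both patterns, and prints them in the File::/RenV:: layout of the script above. The log excerpt is constructed from lines on this page; SYSTEM_DIRS and the extension list are the example's own assumptions.

```python
"""Triage a ComboFix log excerpt for the two indicators the CFScript above
acts on. Added example for this thread; not ComboFix's or the helper's code."""
import re
from pathlib import PureWindowsPath

# Constructed excerpt: entries copied from the two logs in this thread, one
# per line (the forum copy lost the line breaks).
SAMPLE_LOG = r"""
FILE ::
"C:\i8042prt.sys"
2012-04-02 16:13 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-02 16:13 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
c:\program files\Java\jre6\bin\jusched .exe
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\Rochel\Start Menu\Programs\Startup\ACTPrinter Win.exe.lnk
"""

# A Windows path: drive letter, colon, backslash, then anything up to a
# quote, bracket or end of line (ComboFix wraps values in quotes/brackets).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]+')

# "name .exe": a space immediately before the extension (assumed list).
RENAMED_RE = re.compile(r"^(?P<stem>.+?) (?P<ext>\.(?:exe|dll|sys|scr))$", re.IGNORECASE)

# Directories where a Windows driver or system DLL legitimately lives (assumption).
SYSTEM_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\dllcache",
}


def extract_paths(log_text):
    """Return every Windows path in the log text, in order, trailing space trimmed."""
    return [m.group(0).rstrip() for m in PATH_RE.finditer(log_text)]


def restore_name(path):
    """Return the original name for a 'name .exe' victim, else None."""
    p = PureWindowsPath(path)
    m = RENAMED_RE.match(p.name)
    if not m:
        return None
    return str(p.with_name(m.group("stem") + m.group("ext")))


def misplaced_system_files(paths):
    """Files at the volume root whose name also exists under a system dir.
    C:\\i8042prt.sys qualifies; c:\\windows\\system32\\win32k.sys alone does not."""
    by_name = {}
    for raw in paths:
        p = PureWindowsPath(raw)
        by_name.setdefault(p.name.lower(), []).append(p)
    flagged = set()
    for locs in by_name.values():
        at_root = [p for p in locs if str(p.parent).lower() == "c:\\"]
        in_sys = [p for p in locs if str(p.parent).lower() in SYSTEM_DIRS]
        if at_root and in_sys:
            flagged.update(str(p) for p in at_root)
    return sorted(flagged)


def triage(log_text):
    """Both checks over one log: {'renamed': {victim: original}, 'misplaced': [...]}."""
    paths = extract_paths(log_text)
    renamed = {}
    for raw in paths:
        fixed = restore_name(raw)
        if fixed:
            renamed[raw] = fixed
    return {"renamed": renamed, "misplaced": misplaced_system_files(paths)}


def to_cfscript(result):
    """Render the findings in the directive layout the helper's script uses:
    File:: for the stray driver, RenV:: for the renamed executables."""
    lines = []
    if result["misplaced"]:
        lines += ["File::", *result["misplaced"], ""]
    if result["renamed"]:
        lines += ["RenV::", *sorted(result["renamed"]), ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_cfscript(triage(SAMPLE_LOG)))
```

Names the rogue did not touch (ACTPrinter Win.exe.lnk, ctfmon.exe) are left alone because the space must sit directly before the extension, and a driver is only flagged when a same-named copy exists under a system directory, which is what makes the root-level file suspicious rather than merely unusual. Anything the script flags is still for the helper to act on; ComboFix deletes whatever File:: names, so the output is a review list, not a script to run unread.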
Larusso Posted April 5, 2012 ID:540060

Hi there. Are you still with us? If I do not hear from you within 24 hours, this topic will be closed.
Fcvolunteer Posted April 5, 2012 Author ID:540105

Sorry, the Passover holiday is coming and the preparations took me away from the computer. Here's the log:

ComboFix 12-03-31.03 - Rochel 04/05/2012 8:43.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3061.2248 [GMT -4:00]
Running from: c:\documents and settings\Rochel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rochel\Desktop\CFScript.txt
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"C:\i8042prt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-02 16:13 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-02 16:13 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-04-02 16:13 . 2012-04-02 16:13 -------- d-----w- C:\_OTL
2012-03-30 02:06 . 2012-03-30 02:06 -------- d-----w- c:\program files\Windows Media Connect 2
2012-03-30 02:04 . 2012-03-30 02:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-03-30 02:04 . 2012-03-30 02:04 -------- d-----w- c:\windows\system32\LogFiles
2012-03-30 00:56 . 2012-03-30 00:46 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-03-30 00:56 . 2012-03-30 00:46 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-03-30 00:56 . 2012-03-30 00:46 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-03-30 00:56 . 2012-03-30 00:46 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 00:46 . 2012-03-30 00:59 -------- d-----w- c:\program files\Trend Micro
2012-03-30 00:06 . 2012-03-30 00:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 03:44 . 
2012-03-29 03:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla2012-03-29 03:31 . 2012-03-29 03:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2012-03-29 02:35 . 2012-03-29 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2012-03-27 23:42 . 2012-03-27 23:42 -------- d-----w- C:\temp2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Trend Micro2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro2012-03-27 20:10 . 2012-03-30 00:55 56 ----a-w- c:\windows\system32\SupportTool.exe.bat2012-03-27 20:09 . 2012-03-30 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro2012-03-27 19:36 . 2012-03-30 00:45 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Akamai2012-03-21 22:42 . 2012-03-21 22:42 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll2012-03-21 22:42 . 2012-03-21 22:42 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-02-06 23:42 . 2011-08-19 03:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys2012-02-02 04:40 . 2012-02-02 04:40 538200 ----a-w- c:\program files\smartdraw_11E_QDO56_setup.exe2012-01-31 21:57 . 2012-01-31 21:53 32853760 ----a-w- c:\program files\spoon-plugin-dotnet.exe2012-01-22 18:42 . 2010-07-26 19:31 30218224 ----a-w- c:\program files\asc-setup.exe2012-01-11 19:06 . 2012-02-16 05:30 3072 ------w- c:\windows\system32\iacenc.dll2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-01-02 00:51 . 
2012-01-02 00:47 15292208 ----a-w- c:\program files\Firefox Setup 9.0.1.exe2011-12-12 04:22 . 2011-12-12 04:14 64207032 ----a-w- c:\program files\setup_av_free_cnet.exe2011-12-08 20:55 . 2011-12-08 20:55 108 ----a-w- c:\program files\hirtcamp.com2011-08-19 15:16 . 2011-08-19 03:14 3089056 ----a-w- c:\program files\install_flash_player.exe2011-07-24 16:14 . 2011-07-24 16:05 65981368 ----a-w- c:\program files\AVSVideoConverter.exe2011-07-24 15:17 . 2011-07-24 15:17 6062368 ----a-w- c:\program files\video-download-toolbar-setup.exe2011-07-24 15:08 . 2011-07-24 15:08 858940 ----a-w- c:\program files\toolbar_setup411.exe2011-07-24 15:02 . 2011-07-24 15:02 5153792 ----a-w- c:\program files\YouTubeDownloaderSetup32.exe2011-07-24 14:40 . 2011-07-24 14:40 8532623 ----a-w- c:\program files\gfsetup.exe2011-07-17 19:08 . 2011-07-17 19:07 14276088 ----a-w- c:\program files\picasa38-setup.exe2011-06-15 01:46 . 2011-06-15 01:45 4117040 ----a-w- c:\program files\CNET_TechTracker_2_0_3_59_a_Setup.exe2011-05-29 21:55 . 2011-05-29 21:49 56923744 ----a-w- c:\program files\setup_av_free.exe2011-05-25 23:03 . 2011-05-25 22:59 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe2011-05-13 15:48 . 2011-05-13 15:43 2431520 ----a-w- c:\program files\AdobeDownloadAssistant.exe2011-04-29 17:06 . 2011-04-29 17:05 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe2011-04-12 00:54 . 2011-04-12 00:47 51349520 ----a-w- c:\program files\avira_antivir_personal_en.exe2011-04-06 17:58 . 2011-04-06 17:52 80298280 ----a-w- c:\program files\iTunesSetup.exe2010-11-23 20:48 . 2010-11-23 20:47 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe2010-11-14 04:02 . 2010-11-14 04:01 2443360 ----a-w- c:\program files\divine-setup.exe2010-10-04 18:26 . 2010-10-04 18:26 947592 ----a-w- c:\program files\SkypeSetup.exe2010-09-28 15:42 . 2010-09-28 15:41 225672 ----a-w- c:\program files\CrucialScan.exe2010-09-27 00:53 . 
2010-09-27 00:53 469504 ----a-w- c:\program files\ACTPrinterSetup.exe2010-09-15 22:39 . 2010-09-15 22:38 7633259 ----a-w- c:\program files\fmcjsetup.exe2010-09-15 22:31 . 2010-09-15 22:31 4585944 ----a-w- c:\program files\mp3-splitter-joiner.exe2010-09-15 05:02 . 2009-10-22 02:49 2007072 ----a-w- c:\program files\mp3joiner_setup.exe2010-07-21 02:42 . 2010-07-21 02:41 3087086 ----a-w- c:\program files\mp3cutterjoiner.exe2010-07-21 02:38 . 2010-07-21 02:38 689560 ----a-w- c:\program files\iobituninstaller.exe2010-07-19 21:59 . 2010-07-19 21:58 2411072 ----a-w- c:\program files\MP3Cutter.EXE2010-07-19 20:52 . 2010-07-19 20:48 38084600 ----a-w- c:\program files\tunebite.exe2010-06-24 18:32 . 2010-06-24 18:31 8587672 ----a-w- c:\program files\Firefox Setup 3.6.4.exe2010-06-22 18:43 . 2010-06-22 18:40 32532792 ----a-w- c:\program files\SafariSetup.exe2010-05-06 20:35 . 2010-05-06 20:35 562864 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe2010-04-19 03:01 . 2010-04-19 03:01 562848 ----a-w- c:\program files\GoogleEarthSetup.exe2010-04-19 02:08 . 2010-04-19 02:08 529800 ----a-w- c:\program files\smartdraw_10E_H3HE9_A_setup.exe2010-04-16 21:47 . 2010-04-16 21:47 4071176 ----a-w- c:\program files\registrybooster.exe2010-02-22 02:35 . 2010-02-22 02:16 82452960 ----a-w- c:\program files\a897_PCStudio.exe2010-01-08 03:20 . 2010-01-08 03:19 11029387 ----a-w- c:\program files\aoaaudioextractor.exe2009-12-02 18:38 . 2009-12-02 18:38 6599680 ----a-w- c:\program files\DingInstall-1.05.exe2009-11-10 05:28 . 2009-11-10 05:28 72946 ----a-w- c:\program files\ears.com2009-11-02 00:40 . 2009-11-02 00:39 21785928 ----a-w- c:\program files\cuteftppro.exe2009-10-30 18:03 . 2009-10-30 18:03 1505049 ----a-w- c:\program files\Mp3nity_2.1_Setup.exe2009-10-23 01:01 . 2009-10-23 01:01 7492592 ----a-w- c:\program files\CoffeeFreeFTPInstaller4.2.exe2009-09-08 17:35 . 2009-09-08 17:34 4938616 ----a-w- c:\program files\Silverlight.exe2009-07-28 04:05 . 
2009-07-28 04:05 1876292 ----a-w- c:\program files\freeripmp3.exe2009-07-28 03:51 . 2009-07-28 03:50 2693610 ----a-w- c:\program files\swmsetup.exe2009-07-28 02:57 . 2009-07-28 02:55 12154344 ----a-w- c:\program files\SFTPMSI.exe2009-07-23 15:26 . 2009-07-23 15:25 7858801 ----a-w- c:\program files\Freeware_PrimoPDF.exe2009-07-21 20:00 . 2009-07-21 20:00 6537 ----a-w- c:\program files\jquery.tools.min.js2009-07-17 16:37 . 2009-07-17 16:37 3654395 ----a-w- c:\program files\ybkfull.exe2009-07-10 16:46 . 2009-07-10 16:46 1234120 ----a-w- c:\program files\wrar380.exe2009-07-08 19:02 . 2009-07-08 19:01 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe2009-04-30 23:14 . 2009-04-30 23:14 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe2009-04-29 17:04 . 2009-04-29 17:04 2967800 ----a-w- c:\program files\mbam-setup.exe2009-04-24 20:49 . 2009-04-24 20:49 1878888 ----a-w- c:\program files\Adobe Acrobat 9 Pro.lnk.exe2009-04-24 20:33 . 2009-04-24 20:17 342437920 ----a-w- c:\program files\AcroPro90_efg.exe2004-05-25 03:01 . 2010-07-26 03:59 1155635 ----a-w- c:\program files\EasyScreenCaptureVideo.exe2012-03-21 22:42 . 
2012-02-20 16:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Carbonite\Carbonite Backup\CarboniteUI .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Corel\Corel VideoStudio 12\uvPL .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Logicool\Logicool WebCam Software\LWS .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\qttask .exe
</pre>
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files\ybkfull.exe ---
Company: Spacejock Software
File Description: yBook Setup
File Version: 
Product Name: yBook
Copyright: 
Original Filename: 
File size: 3654395
Created time: 2009-07-17 16:37
Modified time: 2009-07-17 16:37
MD5: 435F5722ADB78123D0563930055D2D48
SHA1: AEAD6B0C9F01B2CADBCA5BBEC92AACFBB9AAE886
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-01_02.22.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-02 16:31 . 2012-04-02 16:31 16384 c:\windows\Temp\Perflib_Perfdata_270.dat
+ 2012-04-02 16:31 . 2012-04-02 16:31 16384 c:\windows\Temp\Perflib_Perfdata_12c.dat
+ 2012-04-02 16:31 . 2012-04-02 16:36 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-04-01 02:22 . 2012-04-01 02:22 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-04-03 23:44 . 
2012-04-03 23:44 341504 c:\windows\Installer\6b29ef3.msi.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]@="{95A27763-F62A-4114-9072-E81D87DE3B68}"[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]@="{E300CD91-100F-4E67-9AF3-1384A6124015}"[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application 
Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Logicool Vid"="c:\program files\Logicool\Logicool Vid\vid.exe" [2009-06-02 5451536]"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]"Akamai NetSession Interface"="c:\documents and settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-19 141848]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-19 150040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-19 170520]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]"Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].c:\documents and settings\Rochel\Start Menu\Programs\Startup\CNET TechTracker.lnk - c:\documents and settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]Dropbox.lnk - c:\documents and settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]MamaBargains.lnk - c:\program files\MamaBargains\MamaBargains\MamaBargains.exe [2011-12-2 142848].c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]2009-10-02 01:31 87352 ----a-w- c:\windows\system32\LMIinit.dll.[HKLM\~\startupfolder\C:^Documents and Settings^Rochel^Start Menu^Programs^Startup^ACTPrinter Win.exe.lnk]path=c:\documents and settings\Rochel\Start Menu\Programs\Startup\ACTPrinter Win.exe.lnkbackup=c:\windows\pss\ACTPrinter Win.exe.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]c:\program files\AVAST Software\Avast\avastUI.exe [N/A].[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\ZoneLabsFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"="c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"="c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"="c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"="c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"="c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Documents and Settings\\Rochel\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"="c:\\Program Files\\Logicool\\Logicool Vid\\Vid.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management .R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/16/2009 7:00 AM 24064]R0 
SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/14/2011 9:55 PM 13496]R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/29/2012 8:56 PM 68368]R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/16/2009 7:00 AM 176640]R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/29/2012 8:54 PM 200632]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2/21/2010 10:42 PM 90240]S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2/21/2010 10:42 PM 14976]S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2/21/2010 10:42 PM 121856]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe.Contents of the 'Scheduled Tasks' folder.2012-04-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROCHELHOMEPC-Rochel.job- c:\program files\Common 
Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-13 12:46].2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42].2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42].2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005Core.job- c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17].2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005UA.job- c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17].2012-04-05 c:\windows\Tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://chabadnc.org/uInternet Settings,ProxyOverride = *.local;<local>TCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\documents and settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\FF - prefs.js: network.proxy.type - 0FF - user.js: browser.cache.memory.capacity - 65536FF - user.js: browser.chrome.favicons - falseFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.turbo.enabled - trueFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.urlbar.autofill - trueFF - user.js: content.interrupt.parsing - trueFF - user.js: content.max.tokenizing.time - 2250000FF - user.js: content.notify.backoffcount - 5FF - user.js: content.notify.interval - 750000FF - user.js: content.notify.ontimer - trueFF - user.js: content.switch.threshold - 750000FF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: 
network.http.max-persistent-connections-per-server - 8FF - user.js: network.http.pipelining - trueFF - user.js: network.http.pipelining.firstrequest - trueFF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.proxy.pipelining - trueFF - user.js: network.http.request.max-start-delay - 0FF - user.js: nglayout.initialpaint.delay - 0FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-04-05 08:51Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\.[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7776FADB-5620-C489-58F0-FC82D8C4EC96}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"oaimpbidhbgigknbpekkeoojlngnpl"=hex:64,61,69,6f,70,68,6a,6c,00,85"oaephfdalammeeihecaafkgjcipaff"=hex:6b,61,69,6f,69,69,6a,6e,61,6b,6d,67,61,62, 68,70,67,6b,6a,6d,6e,69,00,7c"naolndnkagbaagahpjndhoccnikc"=hex:69,61,62,6f,63,66,6f,61,6a,68,61,62,61,6f, 63,62,6b,6b,00,ff.[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell 
Extensions\Approved\{CDC4B717-3FBD-D5D9-78C3-A2D963B7FF7D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahnphlmgkkobkllacpchhnhnoacic"=hex:64,61,67,64,6d,6a,62,68,00,85
"oadpodbfgifogmlcgopoocoffpbkfc"=hex:6b,61,68,64,63,6a,6e,67,62,65,6a,6f,67,69,
   68,63,67,66,63,69,69,69,00,00
"najobieokkghglombobpmhohjcpm"=hex:6a,61,67,64,6e,6a,65,68,6c,68,65,67,6d,69,
   6a,68,64,67,67,66,00,0f
.
[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D17F1DB2-E15B-47E1-2D85-82110FD3EE91}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaogcakdeakhgofdkb"=hex:6a,61,70,62,6e,62,6b,70,6e,6c,6c,6e,62,65,6a,70,62,66,
   6b,61,00,f2
"hamheoaoohmccjpl"=hex:6a,61,62,62,70,68,6f,6e,67,62,6f,70,66,6a,62,61,65,67,
   68,61,00,f2
"ganhgdhgpjloed"=hex:61,63,6e,62,68,62,63,62,6d,65,61,66,6d,62,6b,63,64,6d,67,
   6d,65,6e,6c,65,6d,64,69,6e,66,68,68,70,62,6b,69,68,70,6b,65,6c,66,65,66,6f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\LMIinit.dll
.
Completion time: 2012-04-05 08:53:07
ComboFix-quarantined-files.txt 2012-04-05 12:52
ComboFix2.txt 2012-04-02 16:41
ComboFix3.txt 2012-04-01 02:31
.
Pre-Run: 241,072,480,256 bytes free
Post-Run: 241,058,562,048 bytes free
.
- - End Of File - - B54258B463216040E219635ACB463207
Larusso Posted April 5, 2012 ID:540183

No problem. Open Notepad and copy/paste the text in the code box below into it:

RenV::
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Carbonite\Carbonite Backup\CarboniteUI .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Corel\Corel VideoStudio 12\uvPL .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Logicool\Logicool WebCam Software\LWS .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\qttask .exe
Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe. Close any open browsers. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
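Every entry in the CFScript above is a legitimate startup program whose file name carries a space before the .exe extension ("smax4pnp .exe"), so the registered path no longer resolves to the real binary; RenV:: is ComboFix's rename directive, used here to put the names back. The Python script below is an added example, not part of this thread and not ComboFix code: it finds that pattern under a directory tree, builds a rename plan, refuses to overwrite a clean-named file that already exists beside the spaced one, and only renames when explicitly asked. The tree it scans is a constructed sample created in a temporary folder, not the poster's machine, and the set of extensions it checks is my assumption.

```python
"""
Added example (not from the thread, not ComboFix): detect file names that
have been disabled by inserting whitespace before an executable extension,
e.g. "avgtray .exe", and build a rename plan that restores them.
"""
import os
import re
import tempfile

# Stem, then one or more spaces, then a known executable extension at the end.
# Case-insensitive because Windows file names are. Extension list is an assumption.
SPACE_BEFORE_EXT = re.compile(
    r"^(?P<stem>.*\S)\s+(?P<ext>\.(?:exe|dll|sys|scr))$", re.IGNORECASE
)


def propose_rename(name):
    """Return the repaired file name, or None if the name is not affected."""
    m = SPACE_BEFORE_EXT.match(name)
    if not m:
        return None
    return m.group("stem") + m.group("ext")


def plan_renames(root):
    """Walk root and map each affected path to its repaired path.

    A rename is skipped when the target already exists: a real binary with the
    clean name may sit beside the spaced copy, and it must not be clobbered.
    """
    plan = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            fixed = propose_rename(name)
            if fixed is None:
                continue
            src = os.path.join(dirpath, name)
            dst = os.path.join(dirpath, fixed)
            if os.path.exists(dst):
                continue  # conflict: leave it for a human to resolve
            plan[src] = dst
    return plan


def apply_renames(plan):
    """Perform the renames from plan_renames(); returns how many were done."""
    count = 0
    for src, dst in plan.items():
        os.rename(src, dst)
        count += 1
    return count


def build_demo_tree():
    """Constructed sample tree (not the poster's machine) with three names
    from the CFScript above plus controls that must be left alone."""
    root = tempfile.mkdtemp(prefix="renv_demo_")
    spaced = [
        ("Analog Devices", "Core", "smax4pnp .exe"),
        ("Java", "jre6", "jusched .exe"),
        ("QuickTime", "qttask .exe"),
    ]
    untouched = [
        ("QuickTime", "QuickTimePlayer.exe"),   # ordinary name
        ("Common Files", "readme .txt"),        # space, but not executable
        ("LogMeIn", "LogMeInSystray .exe"),     # conflict: clean copy exists
        ("LogMeIn", "LogMeInSystray.exe"),
    ]
    for parts in spaced + untouched:
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for src, dst in sorted(plan_renames(demo).items()):
        print(os.path.basename(src), "->", os.path.basename(dst))
```

Run it against a real Program Files tree with plan_renames() first and read the plan; apply_renames() is deliberately a separate step so nothing is touched during review.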
Fcvolunteer Posted April 5, 2012 Author ID:540253

I'm getting a message that my ComboFix (downloaded on March 30th or something) is expired and will run on a lower level (or something like that). What should I do?
Larusso Posted April 5, 2012 ID:540267

Please delete the current version of ComboFix.exe from your desktop and download a new version from here to your desktop. Follow the instructions from my previous answer.
Fcvolunteer Posted April 5, 2012 Author ID:540312 Share Posted April 5, 2012 ComboFix 12-04-05.06 - Rochel 04/05/2012 19:00:50.6.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3061.2282 [GMT -4:00]Running from: c:\documents and settings\Rochel\My Documents\Downloads\ComboFix.exeCommand switches used :: c:\documents and settings\Rochel\Desktop\CFScript.txtAV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}..((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))..2012-04-02 16:13 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys2012-04-02 16:13 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys2012-04-02 16:13 . 2012-04-02 16:13 -------- d-----w- C:\_OTL2012-03-30 02:06 . 2012-03-30 02:06 -------- d-----w- c:\program files\Windows Media Connect 22012-03-30 02:04 . 2012-03-30 02:05 -------- d-----w- c:\windows\system32\drivers\UMDF2012-03-30 02:04 . 2012-03-30 02:04 -------- d-----w- c:\windows\system32\LogFiles2012-03-30 00:56 . 2012-03-30 00:46 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys2012-03-30 00:56 . 2012-03-30 00:46 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys2012-03-30 00:56 . 2012-03-30 00:46 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys2012-03-30 00:56 . 2012-03-30 00:46 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys2012-03-30 00:46 . 2012-03-30 00:59 -------- d-----w- c:\program files\Trend Micro2012-03-30 00:06 . 2012-03-30 00:06 -------- d-----w- C:\TDSSKiller_Quarantine2012-03-29 03:44 . 2012-03-29 03:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla2012-03-29 03:31 . 2012-03-29 03:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2012-03-29 02:35 . 
2012-03-29 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2012-03-27 23:42 . 2012-03-27 23:42 -------- d-----w- C:\temp2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Trend Micro2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro2012-03-27 20:10 . 2012-03-30 00:55 56 ----a-w- c:\windows\system32\SupportTool.exe.bat2012-03-27 20:09 . 2012-03-30 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro2012-03-27 19:36 . 2012-03-30 00:45 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Akamai2012-03-21 22:42 . 2012-03-21 22:42 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll2012-03-21 22:42 . 2012-03-21 22:42 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-02-06 23:42 . 2011-08-19 03:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys2012-02-02 04:40 . 2012-02-02 04:40 538200 ----a-w- c:\program files\smartdraw_11E_QDO56_setup.exe2012-01-31 21:57 . 2012-01-31 21:53 32853760 ----a-w- c:\program files\spoon-plugin-dotnet.exe2012-01-22 18:42 . 2010-07-26 19:31 30218224 ----a-w- c:\program files\asc-setup.exe2012-01-11 19:06 . 2012-02-16 05:30 3072 ------w- c:\windows\system32\iacenc.dll2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-01-02 00:51 . 2012-01-02 00:47 15292208 ----a-w- c:\program files\Firefox Setup 9.0.1.exe2011-12-12 04:22 . 2011-12-12 04:14 64207032 ----a-w- c:\program files\setup_av_free_cnet.exe2011-12-08 20:55 . 2011-12-08 20:55 108 ----a-w- c:\program files\hirtcamp.com2011-08-19 15:16 . 
2011-08-19 03:14 3089056 ----a-w- c:\program files\install_flash_player.exe2011-07-24 16:14 . 2011-07-24 16:05 65981368 ----a-w- c:\program files\AVSVideoConverter.exe2011-07-24 15:17 . 2011-07-24 15:17 6062368 ----a-w- c:\program files\video-download-toolbar-setup.exe2011-07-24 15:08 . 2011-07-24 15:08 858940 ----a-w- c:\program files\toolbar_setup411.exe2011-07-24 15:02 . 2011-07-24 15:02 5153792 ----a-w- c:\program files\YouTubeDownloaderSetup32.exe2011-07-24 14:40 . 2011-07-24 14:40 8532623 ----a-w- c:\program files\gfsetup.exe2011-07-17 19:08 . 2011-07-17 19:07 14276088 ----a-w- c:\program files\picasa38-setup.exe2011-06-15 01:46 . 2011-06-15 01:45 4117040 ----a-w- c:\program files\CNET_TechTracker_2_0_3_59_a_Setup.exe2011-05-29 21:55 . 2011-05-29 21:49 56923744 ----a-w- c:\program files\setup_av_free.exe2011-05-25 23:03 . 2011-05-25 22:59 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe2011-05-13 15:48 . 2011-05-13 15:43 2431520 ----a-w- c:\program files\AdobeDownloadAssistant.exe2011-04-29 17:06 . 2011-04-29 17:05 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe2011-04-12 00:54 . 2011-04-12 00:47 51349520 ----a-w- c:\program files\avira_antivir_personal_en.exe2011-04-06 17:58 . 2011-04-06 17:52 80298280 ----a-w- c:\program files\iTunesSetup.exe2010-11-23 20:48 . 2010-11-23 20:47 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe2010-11-14 04:02 . 2010-11-14 04:01 2443360 ----a-w- c:\program files\divine-setup.exe2010-10-04 18:26 . 2010-10-04 18:26 947592 ----a-w- c:\program files\SkypeSetup.exe2010-09-28 15:42 . 2010-09-28 15:41 225672 ----a-w- c:\program files\CrucialScan.exe2010-09-27 00:53 . 2010-09-27 00:53 469504 ----a-w- c:\program files\ACTPrinterSetup.exe2010-09-15 22:39 . 2010-09-15 22:38 7633259 ----a-w- c:\program files\fmcjsetup.exe2010-09-15 22:31 . 2010-09-15 22:31 4585944 ----a-w- c:\program files\mp3-splitter-joiner.exe2010-09-15 05:02 . 
2009-10-22 02:49 2007072 ----a-w- c:\program files\mp3joiner_setup.exe2010-07-21 02:42 . 2010-07-21 02:41 3087086 ----a-w- c:\program files\mp3cutterjoiner.exe2010-07-21 02:38 . 2010-07-21 02:38 689560 ----a-w- c:\program files\iobituninstaller.exe2010-07-19 21:59 . 2010-07-19 21:58 2411072 ----a-w- c:\program files\MP3Cutter.EXE2010-07-19 20:52 . 2010-07-19 20:48 38084600 ----a-w- c:\program files\tunebite.exe2010-06-24 18:32 . 2010-06-24 18:31 8587672 ----a-w- c:\program files\Firefox Setup 3.6.4.exe2010-06-22 18:43 . 2010-06-22 18:40 32532792 ----a-w- c:\program files\SafariSetup.exe2010-05-06 20:35 . 2010-05-06 20:35 562864 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe2010-04-19 03:01 . 2010-04-19 03:01 562848 ----a-w- c:\program files\GoogleEarthSetup.exe2010-04-19 02:08 . 2010-04-19 02:08 529800 ----a-w- c:\program files\smartdraw_10E_H3HE9_A_setup.exe2010-04-16 21:47 . 2010-04-16 21:47 4071176 ----a-w- c:\program files\registrybooster.exe2010-02-22 02:35 . 2010-02-22 02:16 82452960 ----a-w- c:\program files\a897_PCStudio.exe2010-01-08 03:20 . 2010-01-08 03:19 11029387 ----a-w- c:\program files\aoaaudioextractor.exe2009-12-02 18:38 . 2009-12-02 18:38 6599680 ----a-w- c:\program files\DingInstall-1.05.exe2009-11-10 05:28 . 2009-11-10 05:28 72946 ----a-w- c:\program files\ears.com2009-11-02 00:40 . 2009-11-02 00:39 21785928 ----a-w- c:\program files\cuteftppro.exe2009-10-30 18:03 . 2009-10-30 18:03 1505049 ----a-w- c:\program files\Mp3nity_2.1_Setup.exe2009-10-23 01:01 . 2009-10-23 01:01 7492592 ----a-w- c:\program files\CoffeeFreeFTPInstaller4.2.exe2009-09-08 17:35 . 2009-09-08 17:34 4938616 ----a-w- c:\program files\Silverlight.exe2009-07-28 04:05 . 2009-07-28 04:05 1876292 ----a-w- c:\program files\freeripmp3.exe2009-07-28 03:51 . 2009-07-28 03:50 2693610 ----a-w- c:\program files\swmsetup.exe2009-07-28 02:57 . 2009-07-28 02:55 12154344 ----a-w- c:\program files\SFTPMSI.exe2009-07-23 15:26 . 
2009-07-23 15:25 7858801 ----a-w- c:\program files\Freeware_PrimoPDF.exe2009-07-21 20:00 . 2009-07-21 20:00 6537 ----a-w- c:\program files\jquery.tools.min.js2009-07-17 16:37 . 2009-07-17 16:37 3654395 ----a-w- c:\program files\ybkfull.exe2009-07-10 16:46 . 2009-07-10 16:46 1234120 ----a-w- c:\program files\wrar380.exe2009-07-08 19:02 . 2009-07-08 19:01 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe2009-04-30 23:14 . 2009-04-30 23:14 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe2009-04-29 17:04 . 2009-04-29 17:04 2967800 ----a-w- c:\program files\mbam-setup.exe2009-04-24 20:49 . 2009-04-24 20:49 1878888 ----a-w- c:\program files\Adobe Acrobat 9 Pro.lnk.exe2009-04-24 20:33 . 2009-04-24 20:17 342437920 ----a-w- c:\program files\AcroPro90_efg.exe2004-05-25 03:01 . 2010-07-26 03:59 1155635 ----a-w- c:\program files\EasyScreenCaptureVideo.exe2012-03-21 22:42 . 2012-02-20 16:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2012-04-01_02.22.33 ))))))))))))))))))))))))))))))))))))))))).+ 2012-04-05 23:05 . 2012-04-05 23:05 16384 c:\windows\Temp\Perflib_Perfdata_274.dat+ 2012-04-05 23:05 . 2012-04-05 23:05 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat+ 2012-04-05 23:05 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll- 2012-04-01 02:22 . 2012-04-01 02:22 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll+ 2012-04-03 23:44 . 
2012-04-03 23:44 341504 c:\windows\Installer\6b29ef3.msi.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]@="{95A27763-F62A-4114-9072-E81D87DE3B68}"[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]@="{E300CD91-100F-4E67-9AF3-1384A6124015}"[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application 
Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Logicool Vid"="c:\program files\Logicool\Logicool Vid\vid.exe" [2009-06-02 5451536]"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]"Akamai NetSession Interface"="c:\documents and settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-19 141848]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-19 150040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-19 170520]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]"Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].c:\documents and settings\Rochel\Start Menu\Programs\Startup\CNET TechTracker.lnk - c:\documents and settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]Dropbox.lnk - c:\documents and settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]MamaBargains.lnk - c:\program files\MamaBargains\MamaBargains\MamaBargains.exe [2011-12-2 142848].c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]2009-10-02 01:31 87352 ----a-w- c:\windows\system32\LMIinit.dll.[HKLM\~\startupfolder\C:^Documents and Settings^Rochel^Start Menu^Programs^Startup^ACTPrinter Win.exe.lnk]path=c:\documents and settings\Rochel\Start Menu\Programs\Startup\ACTPrinter Win.exe.lnkbackup=c:\windows\pss\ACTPrinter Win.exe.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\ZoneLabsFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"="c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"="c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"="c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"="c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"="c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Documents and Settings\\Rochel\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"="c:\\Program Files\\Logicool\\Logicool Vid\\Vid.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management "1045:TCP"= 1045:TCP:Akamai NetSession Interface"5000:UDP"= 5000:UDP:Akamai NetSession Interface.R0 SFAUDIO;Sonic Focus DSP 
Driver;c:\windows\system32\drivers\sfaudio.sys [4/16/2009 7:00 AM 24064]R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/29/2012 8:56 PM 68368]R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/29/2012 8:54 PM 200632]R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/16/2009 7:00 AM 176640]R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2/21/2010 10:42 PM 90240]S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2/21/2010 10:42 PM 14976]S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2/21/2010 10:42 PM 121856]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe.Contents of the 'Scheduled Tasks' folder.2012-04-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROCHELHOMEPC-Rochel.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe 
[2011-09-13 12:46].2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42].2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42].2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005Core.job- c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17].2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005UA.job- c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17].2012-04-05 c:\windows\Tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://chabadnc.org/uInternet Settings,ProxyOverride = *.local;<local>TCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\documents and settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\FF - prefs.js: network.proxy.type - 0FF - user.js: browser.cache.memory.capacity - 65536FF - user.js: browser.chrome.favicons - falseFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.turbo.enabled - trueFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.urlbar.autofill - trueFF - user.js: content.interrupt.parsing - trueFF - user.js: content.max.tokenizing.time - 2250000FF - user.js: content.notify.backoffcount - 5FF - user.js: content.notify.interval - 750000FF - user.js: content.notify.ontimer - trueFF - user.js: content.switch.threshold - 750000FF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 8FF - user.js: 
network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-05 19:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\
.
[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7776FADB-5620-C489-58F0-FC82D8C4EC96}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaimpbidhbgigknbpekkeoojlngnpl"=hex:64,61,69,6f,70,68,6a,6c,00,85
"oaephfdalammeeihecaafkgjcipaff"=hex:6b,61,69,6f,69,69,6a,6e,61,6b,6d,67,61,62,
   68,70,67,6b,6a,6d,6e,69,00,7c
"naolndnkagbaagahpjndhoccnikc"=hex:69,61,62,6f,63,66,6f,61,6a,68,61,62,61,6f,
   63,62,6b,6b,00,ff
.
[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDC4B717-3FBD-D5D9-78C3-A2D963B7FF7D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahnphlmgkkobkllacpchhnhnoacic"=hex:64,61,67,64,6d,6a,62,68,00,85
"oadpodbfgifogmlcgopoocoffpbkfc"=hex:6b,61,68,64,63,6a,6e,67,62,65,6a,6f,67,69,
   68,63,67,66,63,69,69,69,00,00
"najobieokkghglombobpmhohjcpm"=hex:6a,61,67,64,6e,6a,65,68,6c,68,65,67,6d,69,
   6a,68,64,67,67,66,00,0f
.
[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D17F1DB2-E15B-47E1-2D85-82110FD3EE91}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaogcakdeakhgofdkb"=hex:6a,61,70,62,6e,62,6b,70,6e,6c,6c,6e,62,65,6a,70,62,66,
   6b,61,00,f2
"hamheoaoohmccjpl"=hex:6a,61,62,62,70,68,6f,6e,67,62,6f,70,66,6a,62,61,65,67,
   68,61,00,f2
"ganhgdhgpjloed"=hex:61,63,6e,62,68,62,63,62,6d,65,61,66,6d,62,6b,63,64,6d,67,
   6d,65,6e,6c,65,6d,64,69,6e,66,68,68,70,62,6b,69,68,70,6b,65,6c,66,65,66,6f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-04-05 19:13:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 23:13
ComboFix2.txt 2012-04-05 19:50
ComboFix3.txt 2012-04-05 12:53
ComboFix4.txt 2012-04-02 16:41
ComboFix5.txt 2012-04-05 22:58
.
Pre-Run: 241,037,287,424 bytes free
Post-Run: 240,990,359,552 bytes free
.
- - End Of File - - BE4FB2D62F723BB7EC6F7D3B0C1E30B3
Larusso Posted April 6, 2012 ID:540448

Good work. How is your system behaving now?

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button. If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Go here to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked.
Click Start.
Wait for the scan to finish.
When the scan completes, push Push, and save the file to your desktop using a unique name.
Push the Back button.
Push Finish.
Please post this logfile in your next reply.
Fcvolunteer Posted April 6, 2012 Author ID:540453

I'm preparing for the Passover holiday which begins this evening and won't have time to do this until Sunday evening. Please don't abandon this thread. Thanks!
Larusso Posted April 7, 2012 ID:540587

Thanks for letting me know. Enjoy.
Fcvolunteer Posted April 9, 2012 Author ID:541056

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rochel :: ROCHELHOMEPC [administrator]

Protection: Disabled

4/9/2012 10:57:07 AM
mbam-log-2012-04-09 (10-57-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253098
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Fcvolunteer Posted April 9, 2012 Author ID:541073

I'm running the ESET test now but it's taking a while and I'm heading out of town for a week for the rest of Passover. I'll post the log when I get back, if that's ok. So far it's at step 3 of 4 and it's scanned 56% and found 7 infected files: a variant of Win32/Toolbar.Widgi application, a variant of Win32/RegistryBooster application, Win32/Adware.ADON application, a variant of Java/TrojanDownloader.Agent.NDJ trojan multiple threats, Win32/Adware.AntimalwareDoctor.AE.Gen application, a variant of Win32/Toolbar.Widgi application. Thanks! I'll keep you posted.