Fcvolunteer

Members
  • Posts: 17
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. No, everything seems fine. I just wanted to make sure there wasn't anything lurking waiting to make trouble later on.
  2. ESET results:
     C:\asc-setup.exe  a variant of Win32/Toolbar.Widgi application
     C:\Documents and Settings\Rochel\Application Data\FE0E3AD4F82198DD9A575A296B182636\enemies-names.txt  Win32/Adware.AntimalwareDoctor.AE.Gen application
     C:\Documents and Settings\Rochel\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-2b22ed4b  multiple threats
     C:\Documents and Settings\Rochel\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-27e1af2c  a variant of Java/TrojanDownloader.Agent.NDJ trojan
     C:\Program Files\freeripmp3.exe  Win32/Adware.ADON application
     C:\Program Files\registrybooster.exe  a variant of Win32/RegistryBooster application
     C:\Program Files\YouTubeDownloaderSetup32.exe  a variant of Win32/Toolbar.Widgi application
     C:\Program Files\ears_files\asc-setup.exe  a variant of Win32/Toolbar.Widgi application
     C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP31\A0004182.exe  a variant of Win32/Toolbar.Widgi application
     C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP93\A0035598.exe  a variant of Win32/Toolbar.Widgi application
     C:\TDSSKiller_Quarantine\29.03.2012_20.03.52\mbr0000\tdlfs0000\tsk0003.dta  a variant of Win32/Olmarik.ADZ trojan
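A triage helper for an ESET list like the one in the post above, added here as an example (it is not code from this thread or from ESET). It recovers path and verdict from entries that have been run together with spaces, separates ESET's "application" verdicts (its potentially unwanted/unsafe application class) from "trojan" verdicts, and marks hits that live in System Restore points, in the TDSSKiller quarantine, or in the Java deployment cache, because each of those needs different handling from a live file. The regular expression, the category names and the location heuristics are this example's own assumptions; the sample input is the post's own detections, re-joined with spaces.

```python
"""Triage of ESET Online Scanner hits pasted into a forum post.

Added example (not code from this thread or from ESET). It assumes the posted
format `<path> <verdict>`, entries run together with spaces, so paths are
recovered by anchoring on ESET's verdict grammar: "a variant of X application",
"Y trojan" or "multiple threats".
"""
import re
from dataclasses import dataclass

# Constructed sample: the eleven detections from the ESET post, joined with spaces.
SAMPLE = (
    r"C:\asc-setup.exe a variant of Win32/Toolbar.Widgi application "
    r"C:\Documents and Settings\Rochel\Application Data\FE0E3AD4F82198DD9A575A296B182636\enemies-names.txt "
    r"Win32/Adware.AntimalwareDoctor.AE.Gen application "
    r"C:\Documents and Settings\Rochel\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-2b22ed4b "
    r"multiple threats "
    r"C:\Documents and Settings\Rochel\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-27e1af2c "
    r"a variant of Java/TrojanDownloader.Agent.NDJ trojan "
    r"C:\Program Files\freeripmp3.exe Win32/Adware.ADON application "
    r"C:\Program Files\registrybooster.exe a variant of Win32/RegistryBooster application "
    r"C:\Program Files\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi application "
    r"C:\Program Files\ears_files\asc-setup.exe a variant of Win32/Toolbar.Widgi application "
    r"C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP31\A0004182.exe "
    r"a variant of Win32/Toolbar.Widgi application "
    r"C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP93\A0035598.exe "
    r"a variant of Win32/Toolbar.Widgi application "
    r"C:\TDSSKiller_Quarantine\29.03.2012_20.03.52\mbr0000\tdlfs0000\tsk0003.dta "
    r"a variant of Win32/Olmarik.ADZ trojan"
)

# The path is matched lazily and ends where a verdict begins; paths may contain spaces,
# so the verdict grammar (assumed here) is what delimits the entries.
DETECTION_RE = re.compile(
    r"([A-Z]:\\.*?)\s+"
    r"((?:a variant of )?(?:Win32|Java)/[\w.]+ (?:application|trojan)|multiple threats)"
)

# Hits in these locations are copies that cannot execute on their own (assumed categories).
INERT_LOCATIONS = ("restore-point", "quarantine")


@dataclass
class Detection:
    path: str
    threat: str
    kind: str      # "trojan", "pua" (ESET's "application" class) or "multiple"
    location: str  # "live", "restore-point", "quarantine" or "java-cache"


def classify_kind(threat: str) -> str:
    if threat == "multiple threats":
        return "multiple"
    if threat.endswith(" trojan"):
        return "trojan"
    return "pua"


def classify_location(path: str) -> str:
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # vanishes when System Restore is purged
    if "\\tdsskiller_quarantine\\" in p:
        return "quarantine"      # already neutralised by TDSSKiller
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"      # payload of a drive-by through an outdated JRE
    return "live"


def parse(text: str) -> list[Detection]:
    return [
        Detection(path, threat, classify_kind(threat), classify_location(path))
        for path, threat in DETECTION_RE.findall(text)
    ]


def triage(dets: list[Detection]) -> dict:
    inert = [d for d in dets if d.location in INERT_LOCATIONS]
    live = [d for d in dets if d.location not in INERT_LOCATIONS]
    return {
        "total": len(dets),
        "inert": len(inert),
        # Anything that is not merely a PUA and is not an inert copy deserves a closer look.
        "needs_attention": [d for d in live if d.kind != "pua"],
        "pua_live": [d for d in live if d.kind == "pua"],
    }


if __name__ == "__main__":
    report = triage(parse(SAMPLE))
    print(f"{report['total']} hits, {report['inert']} inert copies (restore point / quarantine)")
    for d in report["needs_attention"]:
        print(f"  ATTENTION [{d.location}] {d.threat}: {d.path}")
    for d in report["pua_live"]:
        print(f"  PUA       [{d.location}] {d.threat}: {d.path}")
```

On this list the two entries that are neither PUA nor inert are both in the Java deployment cache, which is the usual signature of a browser drive-by through an old Java plugin: clear the cache and update or remove the JRE rather than only deleting the cached files.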
  3. I'm running the ESET test now, but it's taking a while and I'm heading out of town for a week for the rest of Passover. I'll post the log when I get back, if that's OK. So far it's at step 3 of 4, it's scanned 56% and has found 7 infected files: a variant of Win32/Toolbar.Widgi application, a variant of Win32/RegistryBooster application, Win32/Adware.ADON application, a variant of Java/TrojanDownloader.Agent.NDJ trojan, multiple threats, Win32/Adware.AntimalwareDoctor.AE.Gen application, a variant of Win32/Toolbar.Widgi application. Thanks! I'll keep you posted.
  4. Malwarebytes Anti-Malware (Trial) 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.04.09.05

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Rochel :: ROCHELHOMEPC [administrator]

     Protection: Disabled

     4/9/2012 10:57:07 AM
     mbam-log-2012-04-09 (10-57-07).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 253098
     Time elapsed: 8 minute(s), 21 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. I'm preparing for the Passover holiday which begins this evening and won't have time to do this until Sunday evening. Please don't abandon this thread. Thanks!
  6. ComboFix 12-04-05.06 - Rochel 04/05/2012 19:00:50.6.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3061.2282 [GMT -4:00]
     Running from: c:\documents and settings\Rochel\My Documents\Downloads\ComboFix.exe
     Command switches used :: c:\documents and settings\Rochel\Desktop\CFScript.txt
     AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
     FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
     .
     .
     2012-04-02 16:13 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
     2012-04-02 16:13 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
     2012-04-02 16:13 . 2012-04-02 16:13 -------- d-----w- C:\_OTL
     2012-03-30 02:06 . 2012-03-30 02:06 -------- d-----w- c:\program files\Windows Media Connect 2
     2012-03-30 02:04 . 2012-03-30 02:05 -------- d-----w- c:\windows\system32\drivers\UMDF
     2012-03-30 02:04 . 2012-03-30 02:04 -------- d-----w- c:\windows\system32\LogFiles
     2012-03-30 00:56 . 2012-03-30 00:46 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
     2012-03-30 00:56 . 2012-03-30 00:46 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
     2012-03-30 00:56 . 2012-03-30 00:46 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
     2012-03-30 00:56 . 2012-03-30 00:46 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
     2012-03-30 00:46 . 2012-03-30 00:59 -------- d-----w- c:\program files\Trend Micro
     2012-03-30 00:06 . 2012-03-30 00:06 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-03-29 03:44 . 2012-03-29 03:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
     2012-03-29 03:31 . 2012-03-29 03:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2012-03-29 02:35 . 2012-03-29 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
     2012-03-27 23:42 . 2012-03-27 23:42 -------- d-----w- C:\temp
     2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Trend Micro
     2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
     2012-03-27 20:10 . 2012-03-30 00:55 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
     2012-03-27 20:09 . 2012-03-30 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
     2012-03-27 19:36 . 2012-03-30 00:45 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Akamai
     2012-03-21 22:42 . 2012-03-21 22:42 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
     2012-03-21 22:42 . 2012-03-21 22:42 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-02-06 23:42 . 2011-08-19 03:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
     2012-02-02 04:40 . 2012-02-02 04:40 538200 ----a-w- c:\program files\smartdraw_11E_QDO56_setup.exe
     2012-01-31 21:57 . 2012-01-31 21:53 32853760 ----a-w- c:\program files\spoon-plugin-dotnet.exe
     2012-01-22 18:42 . 2010-07-26 19:31 30218224 ----a-w- c:\program files\asc-setup.exe
     2012-01-11 19:06 . 2012-02-16 05:30 3072 ------w- c:\windows\system32\iacenc.dll
     2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-01-02 00:51 . 2012-01-02 00:47 15292208 ----a-w- c:\program files\Firefox Setup 9.0.1.exe
     2011-12-12 04:22 . 2011-12-12 04:14 64207032 ----a-w- c:\program files\setup_av_free_cnet.exe
     2011-12-08 20:55 . 2011-12-08 20:55 108 ----a-w- c:\program files\hirtcamp.com
     2011-08-19 15:16 . 2011-08-19 03:14 3089056 ----a-w- c:\program files\install_flash_player.exe
     2011-07-24 16:14 . 2011-07-24 16:05 65981368 ----a-w- c:\program files\AVSVideoConverter.exe
     2011-07-24 15:17 . 2011-07-24 15:17 6062368 ----a-w- c:\program files\video-download-toolbar-setup.exe
     2011-07-24 15:08 . 2011-07-24 15:08 858940 ----a-w- c:\program files\toolbar_setup411.exe
     2011-07-24 15:02 . 2011-07-24 15:02 5153792 ----a-w- c:\program files\YouTubeDownloaderSetup32.exe
     2011-07-24 14:40 . 2011-07-24 14:40 8532623 ----a-w- c:\program files\gfsetup.exe
     2011-07-17 19:08 . 2011-07-17 19:07 14276088 ----a-w- c:\program files\picasa38-setup.exe
     2011-06-15 01:46 . 2011-06-15 01:45 4117040 ----a-w- c:\program files\CNET_TechTracker_2_0_3_59_a_Setup.exe
     2011-05-29 21:55 . 2011-05-29 21:49 56923744 ----a-w- c:\program files\setup_av_free.exe
     2011-05-25 23:03 . 2011-05-25 22:59 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe
     2011-05-13 15:48 . 2011-05-13 15:43 2431520 ----a-w- c:\program files\AdobeDownloadAssistant.exe
     2011-04-29 17:06 . 2011-04-29 17:05 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
     2011-04-12 00:54 . 2011-04-12 00:47 51349520 ----a-w- c:\program files\avira_antivir_personal_en.exe
     2011-04-06 17:58 . 2011-04-06 17:52 80298280 ----a-w- c:\program files\iTunesSetup.exe
     2010-11-23 20:48 . 2010-11-23 20:47 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
     2010-11-14 04:02 . 2010-11-14 04:01 2443360 ----a-w- c:\program files\divine-setup.exe
     2010-10-04 18:26 . 2010-10-04 18:26 947592 ----a-w- c:\program files\SkypeSetup.exe
     2010-09-28 15:42 . 2010-09-28 15:41 225672 ----a-w- c:\program files\CrucialScan.exe
     2010-09-27 00:53 . 2010-09-27 00:53 469504 ----a-w- c:\program files\ACTPrinterSetup.exe
     2010-09-15 22:39 . 2010-09-15 22:38 7633259 ----a-w- c:\program files\fmcjsetup.exe
     2010-09-15 22:31 . 2010-09-15 22:31 4585944 ----a-w- c:\program files\mp3-splitter-joiner.exe
     2010-09-15 05:02 . 2009-10-22 02:49 2007072 ----a-w- c:\program files\mp3joiner_setup.exe
     2010-07-21 02:42 . 2010-07-21 02:41 3087086 ----a-w- c:\program files\mp3cutterjoiner.exe
     2010-07-21 02:38 . 2010-07-21 02:38 689560 ----a-w- c:\program files\iobituninstaller.exe
     2010-07-19 21:59 . 2010-07-19 21:58 2411072 ----a-w- c:\program files\MP3Cutter.EXE
     2010-07-19 20:52 . 2010-07-19 20:48 38084600 ----a-w- c:\program files\tunebite.exe
     2010-06-24 18:32 . 2010-06-24 18:31 8587672 ----a-w- c:\program files\Firefox Setup 3.6.4.exe
     2010-06-22 18:43 . 2010-06-22 18:40 32532792 ----a-w- c:\program files\SafariSetup.exe
     2010-05-06 20:35 . 2010-05-06 20:35 562864 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe
     2010-04-19 03:01 . 2010-04-19 03:01 562848 ----a-w- c:\program files\GoogleEarthSetup.exe
     2010-04-19 02:08 . 2010-04-19 02:08 529800 ----a-w- c:\program files\smartdraw_10E_H3HE9_A_setup.exe
     2010-04-16 21:47 . 2010-04-16 21:47 4071176 ----a-w- c:\program files\registrybooster.exe
     2010-02-22 02:35 . 2010-02-22 02:16 82452960 ----a-w- c:\program files\a897_PCStudio.exe
     2010-01-08 03:20 . 2010-01-08 03:19 11029387 ----a-w- c:\program files\aoaaudioextractor.exe
     2009-12-02 18:38 . 2009-12-02 18:38 6599680 ----a-w- c:\program files\DingInstall-1.05.exe
     2009-11-10 05:28 . 2009-11-10 05:28 72946 ----a-w- c:\program files\ears.com
     2009-11-02 00:40 . 2009-11-02 00:39 21785928 ----a-w- c:\program files\cuteftppro.exe
     2009-10-30 18:03 . 2009-10-30 18:03 1505049 ----a-w- c:\program files\Mp3nity_2.1_Setup.exe
     2009-10-23 01:01 . 2009-10-23 01:01 7492592 ----a-w- c:\program files\CoffeeFreeFTPInstaller4.2.exe
     2009-09-08 17:35 . 2009-09-08 17:34 4938616 ----a-w- c:\program files\Silverlight.exe
     2009-07-28 04:05 . 2009-07-28 04:05 1876292 ----a-w- c:\program files\freeripmp3.exe
     2009-07-28 03:51 . 2009-07-28 03:50 2693610 ----a-w- c:\program files\swmsetup.exe
     2009-07-28 02:57 . 2009-07-28 02:55 12154344 ----a-w- c:\program files\SFTPMSI.exe
     2009-07-23 15:26 . 2009-07-23 15:25 7858801 ----a-w- c:\program files\Freeware_PrimoPDF.exe
     2009-07-21 20:00 . 2009-07-21 20:00 6537 ----a-w- c:\program files\jquery.tools.min.js
     2009-07-17 16:37 . 2009-07-17 16:37 3654395 ----a-w- c:\program files\ybkfull.exe
     2009-07-10 16:46 . 2009-07-10 16:46 1234120 ----a-w- c:\program files\wrar380.exe
     2009-07-08 19:02 . 2009-07-08 19:01 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe
     2009-04-30 23:14 . 2009-04-30 23:14 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
     2009-04-29 17:04 . 2009-04-29 17:04 2967800 ----a-w- c:\program files\mbam-setup.exe
     2009-04-24 20:49 . 2009-04-24 20:49 1878888 ----a-w- c:\program files\Adobe Acrobat 9 Pro.lnk.exe
     2009-04-24 20:33 . 2009-04-24 20:17 342437920 ----a-w- c:\program files\AcroPro90_efg.exe
     2004-05-25 03:01 . 2010-07-26 03:59 1155635 ----a-w- c:\program files\EasyScreenCaptureVideo.exe
     2012-03-21 22:42 . 2012-02-20 16:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((( SnapShot@2012-04-01_02.22.33 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2012-04-05 23:05 . 2012-04-05 23:05 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
     + 2012-04-05 23:05 . 2012-04-05 23:05 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat
     + 2012-04-05 23:05 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
     - 2012-04-01 02:22 . 2012-04-01 02:22 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
     + 2012-04-03 23:44 . 2012-04-03 23:44 341504 c:\windows\Installer\6b29ef3.msi
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
     @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
     [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
     2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
     2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
     @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
     [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
     2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
     @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Logicool Vid"="c:\program files\Logicool\Logicool Vid\vid.exe" [2009-06-02 5451536]
     "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
     "Akamai NetSession Interface"="c:\documents and settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-19 141848]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-19 150040]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-19 170520]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
     "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
     "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
     "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     .
     c:\documents and settings\Rochel\Start Menu\Programs\Startup\
     CNET TechTracker.lnk - c:\documents and settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
     DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
     Dropbox.lnk - c:\documents and settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
     MamaBargains.lnk - c:\program files\MamaBargains\MamaBargains\MamaBargains.exe [2011-12-2 142848]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
     2009-10-02 01:31 87352 ----a-w- c:\windows\system32\LMIinit.dll
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^Rochel^Start Menu^Programs^Startup^ACTPrinter Win.exe.lnk]
     path=c:\documents and settings\Rochel\Start Menu\Programs\Startup\ACTPrinter Win.exe.lnk
     backup=c:\windows\pss\ACTPrinter Win.exe.lnkStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
     "c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
     "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
     "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
     "c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
     "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Documents and Settings\\Rochel\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
     "c:\\Program Files\\Logicool\\Logicool Vid\\Vid.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
     "1045:TCP"= 1045:TCP:Akamai NetSession Interface
     "5000:UDP"= 5000:UDP:Akamai NetSession Interface
     .
     R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/16/2009 7:00 AM 24064]
     R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/29/2012 8:56 PM 68368]
     R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/29/2012 8:54 PM 200632]
     R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
     R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/16/2009 7:00 AM 176640]
     R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176]
     S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848]
     S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2/21/2010 10:42 PM 90240]
     S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2/21/2010 10:42 PM 14976]
     S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2/21/2010 10:42 PM 121856]
     S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
     S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     WINRM REG_MULTI_SZ WINRM
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
     2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-04-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROCHELHOMEPC-Rochel.job
     - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-13 12:46]
     .
     2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42]
     .
     2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42]
     .
     2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005Core.job
     - c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17]
     .
     2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005UA.job
     - c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17]
     .
     2012-04-05 c:\windows\Tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job
     - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://chabadnc.org/
     uInternet Settings,ProxyOverride = *.local;<local>
     TCP: DhcpNameServer = 192.168.1.254
     FF - ProfilePath - c:\documents and settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\
     FF - prefs.js: network.proxy.type - 0
     FF - user.js: browser.cache.memory.capacity - 65536
     FF - user.js: browser.chrome.favicons - false
     FF - user.js: browser.display.show_image_placeholders - true
     FF - user.js: browser.turbo.enabled - true
     FF - user.js: browser.urlbar.autocomplete.enabled - true
     FF - user.js: browser.urlbar.autofill - true
     FF - user.js: content.interrupt.parsing - true
     FF - user.js: content.max.tokenizing.time - 2250000
     FF - user.js: content.notify.backoffcount - 5
     FF - user.js: content.notify.interval - 750000
     FF - user.js: content.notify.ontimer - true
     FF - user.js: content.switch.threshold - 750000
     FF - user.js: network.http.max-connections - 48
     FF - user.js: network.http.max-connections-per-server - 16
     FF - user.js: network.http.max-persistent-connections-per-proxy - 16
     FF - user.js: network.http.max-persistent-connections-per-server - 8
     FF - user.js: network.http.pipelining - true
     FF - user.js: network.http.pipelining.firstrequest - true
     FF - user.js: network.http.pipelining.maxrequests - 8
     FF - user.js: network.http.proxy.pipelining - true
     FF - user.js: network.http.request.max-start-delay - 0
     FF - user.js: nglayout.initialpaint.delay - 0
     FF - user.js: plugin.expose_full_path - true
     FF - user.js: ui.submenuDelay - 0
     .
     - - - - ORPHANS REMOVED - - - -
     .
     MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-04-05 19:07
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\
     .
     [HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7776FADB-5620-C489-58F0-FC82D8C4EC96}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "oaimpbidhbgigknbpekkeoojlngnpl"=hex:64,61,69,6f,70,68,6a,6c,00,85
     "oaephfdalammeeihecaafkgjcipaff"=hex:6b,61,69,6f,69,69,6a,6e,61,6b,6d,67,61,62,68,70,67,6b,6a,6d,6e,69,00,7c
     "naolndnkagbaagahpjndhoccnikc"=hex:69,61,62,6f,63,66,6f,61,6a,68,61,62,61,6f,63,62,6b,6b,00,ff
     .
     [HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDC4B717-3FBD-D5D9-78C3-A2D963B7FF7D}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "oahnphlmgkkobkllacpchhnhnoacic"=hex:64,61,67,64,6d,6a,62,68,00,85
     "oadpodbfgifogmlcgopoocoffpbkfc"=hex:6b,61,68,64,63,6a,6e,67,62,65,6a,6f,67,69,68,63,67,66,63,69,69,69,00,00
     "najobieokkghglombobpmhohjcpm"=hex:6a,61,67,64,6e,6a,65,68,6c,68,65,67,6d,69,6a,68,64,67,67,66,00,0f
     .
     [HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D17F1DB2-E15B-47E1-2D85-82110FD3EE91}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "iaogcakdeakhgofdkb"=hex:6a,61,70,62,6e,62,6b,70,6e,6c,6c,6e,62,65,6a,70,62,66,6b,61,00,f2
     "hamheoaoohmccjpl"=hex:6a,61,62,62,70,68,6f,6e,67,62,6f,70,66,6a,62,61,65,67,68,61,00,f2
     "ganhgdhgpjloed"=hex:61,63,6e,62,68,62,63,62,6d,65,61,66,6d,62,6b,63,64,6d,67,6d,65,6e,6c,65,6d,64,69,6e,66,68,68,70,62,6b,69,68,70,6b,65,6c,66,65,66,6f,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(1068)
     c:\windows\system32\LMIinit.dll
     .
     - - - - - - - > 'explorer.exe'(3860)
     c:\windows\system32\WININET.dll
     c:\windows\TEMP\logishrd\LVPrcInj01.dll
     c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\program files\Roxio\Drag-to-Disc\Shellex.dll
     c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
     c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     c:\windows\system32\LMIRfsClientNP.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
     c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\LogMeIn\x86\RaMaint.exe
     c:\program files\LogMeIn\x86\LogMeIn.exe
     c:\program files\LogMeIn\x86\LMIGuardian.exe
     c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     c:\windows\system32\SearchIndexer.exe
     c:\windows\system32\igfxsrvc.exe
     c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\windows\system32\SearchProtocolHost.exe
     c:\windows\system32\SearchFilterHost.exe
     .
     **************************************************************************
     .
     Completion time: 2012-04-05 19:13:47 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-04-05 23:13
     ComboFix2.txt 2012-04-05 19:50
     ComboFix3.txt 2012-04-05 12:53
     ComboFix4.txt 2012-04-02 16:41
     ComboFix5.txt 2012-04-05 22:58
     .
     Pre-Run: 241,037,287,424 bytes free
     Post-Run: 240,990,359,552 bytes free
     .
     - - End Of File - - BE4FB2D62F723BB7EC6F7D3B0C1E30B3
  7. I'm getting a message that my combofix (downloaded on March 30th or something) is expired and will run on a lower level. (or something like that). What should I do?
  8. Sorry, the Passover holiday is coming and the preparations took me away from the computer. Here's the log:

     ComboFix 12-03-31.03 - Rochel 04/05/2012 8:43.4.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3061.2248 [GMT -4:00]
     Running from: c:\documents and settings\Rochel\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Rochel\Desktop\CFScript.txt
     AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
     FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .
     FILE ::
     "C:\i8042prt.sys"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\i8042prt.sys
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
     .
     .
     2012-04-02 16:13 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
     2012-04-02 16:13 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
     2012-04-02 16:13 . 2012-04-02 16:13 -------- d-----w- C:\_OTL
     2012-03-30 02:06 . 2012-03-30 02:06 -------- d-----w- c:\program files\Windows Media Connect 2
     2012-03-30 02:04 . 2012-03-30 02:05 -------- d-----w- c:\windows\system32\drivers\UMDF
     2012-03-30 02:04 . 2012-03-30 02:04 -------- d-----w- c:\windows\system32\LogFiles
     2012-03-30 00:56 . 2012-03-30 00:46 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
     2012-03-30 00:56 . 2012-03-30 00:46 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
     2012-03-30 00:56 . 2012-03-30 00:46 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
     2012-03-30 00:56 . 2012-03-30 00:46 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
     2012-03-30 00:46 . 2012-03-30 00:59 -------- d-----w- c:\program files\Trend Micro
     2012-03-30 00:06 . 2012-03-30 00:06 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-03-29 03:44 . 2012-03-29 03:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
     2012-03-29 03:31 . 2012-03-29 03:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2012-03-29 02:35 . 2012-03-29 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
     2012-03-27 23:42 . 2012-03-27 23:42 -------- d-----w- C:\temp
     2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Trend Micro
     2012-03-27 20:12 . 2012-03-27 20:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
     2012-03-27 20:10 . 2012-03-30 00:55 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
     2012-03-27 20:09 . 2012-03-30 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
     2012-03-27 19:36 . 2012-03-30 00:45 -------- d-----w- c:\documents and settings\Rochel\Local Settings\Application Data\Akamai
     2012-03-21 22:42 . 2012-03-21 22:42 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
     2012-03-21 22:42 . 2012-03-21 22:42 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-02-06 23:42 . 2011-08-19 03:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
     2012-02-02 04:40 . 2012-02-02 04:40 538200 ----a-w- c:\program files\smartdraw_11E_QDO56_setup.exe
     2012-01-31 21:57 . 2012-01-31 21:53 32853760 ----a-w- c:\program files\spoon-plugin-dotnet.exe
     2012-01-22 18:42 . 2010-07-26 19:31 30218224 ----a-w- c:\program files\asc-setup.exe
     2012-01-11 19:06 . 2012-02-16 05:30 3072 ------w- c:\windows\system32\iacenc.dll
     2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-01-02 00:51 . 2012-01-02 00:47 15292208 ----a-w- c:\program files\Firefox Setup 9.0.1.exe
     2011-12-12 04:22 . 2011-12-12 04:14 64207032 ----a-w- c:\program files\setup_av_free_cnet.exe
     2011-12-08 20:55 . 2011-12-08 20:55 108 ----a-w- c:\program files\hirtcamp.com
     2011-08-19 15:16 . 2011-08-19 03:14 3089056 ----a-w- c:\program files\install_flash_player.exe
     2011-07-24 16:14 . 2011-07-24 16:05 65981368 ----a-w- c:\program files\AVSVideoConverter.exe
     2011-07-24 15:17 . 2011-07-24 15:17 6062368 ----a-w- c:\program files\video-download-toolbar-setup.exe
     2011-07-24 15:08 . 2011-07-24 15:08 858940 ----a-w- c:\program files\toolbar_setup411.exe
     2011-07-24 15:02 . 2011-07-24 15:02 5153792 ----a-w- c:\program files\YouTubeDownloaderSetup32.exe
     2011-07-24 14:40 . 2011-07-24 14:40 8532623 ----a-w- c:\program files\gfsetup.exe
     2011-07-17 19:08 . 2011-07-17 19:07 14276088 ----a-w- c:\program files\picasa38-setup.exe
     2011-06-15 01:46 . 2011-06-15 01:45 4117040 ----a-w- c:\program files\CNET_TechTracker_2_0_3_59_a_Setup.exe
     2011-05-29 21:55 . 2011-05-29 21:49 56923744 ----a-w- c:\program files\setup_av_free.exe
     2011-05-25 23:03 . 2011-05-25 22:59 30459048 ----a-w- c:\program files\asc4-setup-cnet.exe
     2011-05-13 15:48 . 2011-05-13 15:43 2431520 ----a-w- c:\program files\AdobeDownloadAssistant.exe
     2011-04-29 17:06 . 2011-04-29 17:05 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
     2011-04-12 00:54 . 2011-04-12 00:47 51349520 ----a-w- c:\program files\avira_antivir_personal_en.exe
     2011-04-06 17:58 . 2011-04-06 17:52 80298280 ----a-w- c:\program files\iTunesSetup.exe
     2010-11-23 20:48 . 2010-11-23 20:47 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
     2010-11-14 04:02 . 2010-11-14 04:01 2443360 ----a-w- c:\program files\divine-setup.exe
     2010-10-04 18:26 . 2010-10-04 18:26 947592 ----a-w- c:\program files\SkypeSetup.exe
     2010-09-28 15:42 . 2010-09-28 15:41 225672 ----a-w- c:\program files\CrucialScan.exe
     2010-09-27 00:53 .
2010-09-27 00:53 469504 ----a-w- c:\program files\ACTPrinterSetup.exe 2010-09-15 22:39 . 2010-09-15 22:38 7633259 ----a-w- c:\program files\fmcjsetup.exe 2010-09-15 22:31 . 2010-09-15 22:31 4585944 ----a-w- c:\program files\mp3-splitter-joiner.exe 2010-09-15 05:02 . 2009-10-22 02:49 2007072 ----a-w- c:\program files\mp3joiner_setup.exe 2010-07-21 02:42 . 2010-07-21 02:41 3087086 ----a-w- c:\program files\mp3cutterjoiner.exe 2010-07-21 02:38 . 2010-07-21 02:38 689560 ----a-w- c:\program files\iobituninstaller.exe 2010-07-19 21:59 . 2010-07-19 21:58 2411072 ----a-w- c:\program files\MP3Cutter.EXE 2010-07-19 20:52 . 2010-07-19 20:48 38084600 ----a-w- c:\program files\tunebite.exe 2010-06-24 18:32 . 2010-06-24 18:31 8587672 ----a-w- c:\program files\Firefox Setup 3.6.4.exe 2010-06-22 18:43 . 2010-06-22 18:40 32532792 ----a-w- c:\program files\SafariSetup.exe 2010-05-06 20:35 . 2010-05-06 20:35 562864 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe 2010-04-19 03:01 . 2010-04-19 03:01 562848 ----a-w- c:\program files\GoogleEarthSetup.exe 2010-04-19 02:08 . 2010-04-19 02:08 529800 ----a-w- c:\program files\smartdraw_10E_H3HE9_A_setup.exe 2010-04-16 21:47 . 2010-04-16 21:47 4071176 ----a-w- c:\program files\registrybooster.exe 2010-02-22 02:35 . 2010-02-22 02:16 82452960 ----a-w- c:\program files\a897_PCStudio.exe 2010-01-08 03:20 . 2010-01-08 03:19 11029387 ----a-w- c:\program files\aoaaudioextractor.exe 2009-12-02 18:38 . 2009-12-02 18:38 6599680 ----a-w- c:\program files\DingInstall-1.05.exe 2009-11-10 05:28 . 2009-11-10 05:28 72946 ----a-w- c:\program files\ears.com 2009-11-02 00:40 . 2009-11-02 00:39 21785928 ----a-w- c:\program files\cuteftppro.exe 2009-10-30 18:03 . 2009-10-30 18:03 1505049 ----a-w- c:\program files\Mp3nity_2.1_Setup.exe 2009-10-23 01:01 . 2009-10-23 01:01 7492592 ----a-w- c:\program files\CoffeeFreeFTPInstaller4.2.exe 2009-09-08 17:35 . 2009-09-08 17:34 4938616 ----a-w- c:\program files\Silverlight.exe 2009-07-28 04:05 . 
2009-07-28 04:05 1876292 ----a-w- c:\program files\freeripmp3.exe 2009-07-28 03:51 . 2009-07-28 03:50 2693610 ----a-w- c:\program files\swmsetup.exe 2009-07-28 02:57 . 2009-07-28 02:55 12154344 ----a-w- c:\program files\SFTPMSI.exe 2009-07-23 15:26 . 2009-07-23 15:25 7858801 ----a-w- c:\program files\Freeware_PrimoPDF.exe 2009-07-21 20:00 . 2009-07-21 20:00 6537 ----a-w- c:\program files\jquery.tools.min.js 2009-07-17 16:37 . 2009-07-17 16:37 3654395 ----a-w- c:\program files\ybkfull.exe 2009-07-10 16:46 . 2009-07-10 16:46 1234120 ----a-w- c:\program files\wrar380.exe 2009-07-08 19:02 . 2009-07-08 19:01 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe 2009-04-30 23:14 . 2009-04-30 23:14 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe 2009-04-29 17:04 . 2009-04-29 17:04 2967800 ----a-w- c:\program files\mbam-setup.exe 2009-04-24 20:49 . 2009-04-24 20:49 1878888 ----a-w- c:\program files\Adobe Acrobat 9 Pro.lnk.exe 2009-04-24 20:33 . 2009-04-24 20:17 342437920 ----a-w- c:\program files\AcroPro90_efg.exe 2004-05-25 03:01 . 2010-07-26 03:59 1155635 ----a-w- c:\program files\EasyScreenCaptureVideo.exe 2012-03-21 22:42 . 2012-02-20 16:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . <pre> c:\program files\Analog Devices\Core\smax4pnp .exe c:\program files\AVG\AVG9\avgtray .exe c:\program files\Carbonite\Carbonite Backup\CarboniteUI .exe c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe c:\program files\Corel\Corel VideoStudio 12\uvPL .exe c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe c:\program files\Java\jre6\bin\jusched .exe c:\program files\Logicool\Logicool WebCam Software\LWS .exe c:\program files\LogMeIn\x86\LogMeInSystray .exe c:\program files\Microsoft Office\Office12\GrooveMonitor .exe c:\program files\QuickTime\qttask .exe </pre> . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
--- c:\program files\ybkfull.exe --- Company: Spacejock Software File Description: yBook Setup File Version: Product Name: yBook Copyright: Original Filename: File size: 3654395 Created time: 2009-07-17 16:37 Modified time: 2009-07-17 16:37 MD5: 435F5722ADB78123D0563930055D2D48 SHA1: AEAD6B0C9F01B2CADBCA5BBEC92AACFBB9AAE886 . . ((((((((((((((((((((((((((((( SnapShot@2012-04-01_02.22.33 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-02 16:31 . 2012-04-02 16:31 16384 c:\windows\Temp\Perflib_Perfdata_270.dat + 2012-04-02 16:31 . 2012-04-02 16:31 16384 c:\windows\Temp\Perflib_Perfdata_12c.dat + 2012-04-02 16:31 . 2012-04-02 16:36 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll - 2012-04-01 02:22 . 2012-04-01 02:22 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll + 2012-04-03 23:44 . 2012-04-03 23:44 341504 c:\windows\Installer\6b29ef3.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rochel\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logicool Vid"="c:\program files\Logicool\Logicool Vid\vid.exe" [2009-06-02 5451536] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "Akamai NetSession Interface"="c:\documents and settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-19 141848] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-19 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-19 170520] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . 
c:\documents and settings\Rochel\Start Menu\Programs\Startup\ CNET TechTracker.lnk - c:\documents and settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512] DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848] Dropbox.lnk - c:\documents and settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] MamaBargains.lnk - c:\program files\MamaBargains\MamaBargains\MamaBargains.exe [2011-12-2 142848] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2009-10-02 01:31 87352 ----a-w- c:\windows\system32\LMIinit.dll . [HKLM\~\startupfolder\C:^Documents and Settings^Rochel^Start Menu^Programs^Startup^ACTPrinter Win.exe.lnk] path=c:\documents and settings\Rochel\Start Menu\Programs\Startup\ACTPrinter Win.exe.lnk backup=c:\windows\pss\ACTPrinter Win.exe.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast] c:\program files\AVAST Software\Avast\avastUI.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"= "c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\Rochel\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Rochel\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= "c:\\Program Files\\Logicool\\Logicool Vid\\Vid.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/16/2009 7:00 AM 24064] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/14/2011 9:55 PM 13496] R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/29/2012 8:56 PM 68368] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856] R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/16/2009 7:00 AM 176640] R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [3/29/2012 8:54 PM 200632] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 4:08 PM 136176] S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [7/9/2010 4:34 PM 31848] S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2/21/2010 10:42 PM 90240] S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2/21/2010 10:42 PM 14976] S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2/21/2010 10:42 PM 121856] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . 
Contents of the 'Scheduled Tasks' folder . 2012-04-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROCHELHOMEPC-Rochel.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-13 12:46] . 2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42] . 2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 01:42] . 2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005Core.job - c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17] . 2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005UA.job - c:\documents and settings\Rochel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-04 20:17] . 2012-04-05 c:\windows\Tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://chabadnc.org/ uInternet Settings,ProxyOverride = *.local;<local> TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\ FF - prefs.js: network.proxy.type - 0 FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-05 08:51 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,55,a0,6c,18,30,49,9f,ed,3c,\ . [HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7776FADB-5620-C489-58F0-FC82D8C4EC96}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oaimpbidhbgigknbpekkeoojlngnpl"=hex:64,61,69,6f,70,68,6a,6c,00,85 "oaephfdalammeeihecaafkgjcipaff"=hex:6b,61,69,6f,69,69,6a,6e,61,6b,6d,67,61,62, 68,70,67,6b,6a,6d,6e,69,00,7c "naolndnkagbaagahpjndhoccnikc"=hex:69,61,62,6f,63,66,6f,61,6a,68,61,62,61,6f, 63,62,6b,6b,00,ff . [HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDC4B717-3FBD-D5D9-78C3-A2D963B7FF7D}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oahnphlmgkkobkllacpchhnhnoacic"=hex:64,61,67,64,6d,6a,62,68,00,85 "oadpodbfgifogmlcgopoocoffpbkfc"=hex:6b,61,68,64,63,6a,6e,67,62,65,6a,6f,67,69, 68,63,67,66,63,69,69,69,00,00 "najobieokkghglombobpmhohjcpm"=hex:6a,61,67,64,6e,6a,65,68,6c,68,65,67,6d,69, 6a,68,64,67,67,66,00,0f . 
[HKEY_USERS\S-1-5-21-2136418324-59859425-3307268990-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D17F1DB2-E15B-47E1-2D85-82110FD3EE91}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iaogcakdeakhgofdkb"=hex:6a,61,70,62,6e,62,6b,70,6e,6c,6c,6e,62,65,6a,70,62,66, 6b,61,00,f2 "hamheoaoohmccjpl"=hex:6a,61,62,62,70,68,6f,6e,67,62,6f,70,66,6a,62,61,65,67, 68,61,00,f2 "ganhgdhgpjloed"=hex:61,63,6e,62,68,62,63,62,6d,65,61,66,6d,62,6b,63,64,6d,67, 6d,65,6e,6c,65,6d,64,69,6e,66,68,68,70,62,6b,69,68,70,6b,65,6c,66,65,66,6f,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1068) c:\windows\system32\LMIinit.dll . Completion time: 2012-04-05 08:53:07 ComboFix-quarantined-files.txt 2012-04-05 12:52 ComboFix2.txt 2012-04-02 16:41 ComboFix3.txt 2012-04-01 02:31 . Pre-Run: 241,072,480,256 bytes free Post-Run: 241,058,562,048 bytes free . - - End Of File - - B54258B463216040E219635ACB463207
  9. Thanks for the information on IObit and Advanced System Care. I removed both of them as you suggested, but when I removed Advanced System Care I got a pop-up that said some components would have to be uninstalled manually, but it didn't say what they were. Here's the OTL log: Here's the ComboFix log:
  10. OTL Extras logfile created on: 4/1/2012 7:54:04 PM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rochel\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 76.73% Memory free 4.83 Gb Paging File | 3.87 Gb Available in Paging File | 80.20% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.05 Gb Total Space | 224.76 Gb Free Space | 75.41% Space Free | Partition Type: NTFS Drive D: | 7.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: ROCHELHOMEPC | User Name: Rochel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l jsfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.) 
"C:\Program Files\Nitro PDF\PrimoPDF\PrimoPDF.exe" = C:\Program Files\Nitro PDF\PrimoPDF\PrimoPDF.exe:*:Enabled:PrimoPDF -- (Nitro PDF) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java Web Start Launcher -- (Sun Microsystems, Inc.) "C:\Program Files\CoffeeCup Software\Free FTP\FreeFTP.exe" = C:\Program Files\CoffeeCup Software\Free FTP\FreeFTP.exe:*:Enabled:Direct FTP Application -- (CoffeeCup Software, Inc.) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google) "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google) "C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) 
"C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc) "C:\Program Files\Logicool\Logicool Vid\Vid.exe" = C:\Program Files\Logicool\Logicool Vid\Vid.exe:*:Enabled:Logicool Vid -- (Logicool Co., Ltd) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 14 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar 
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1 "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7811787C-BB20-4878-BA62-6AD0D503467F}" = Logicool Vid "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3 "{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn "{8048F8E1-4A09-4EE8-BC72-01B49B999CE4}" = ACTPrinter Win Client "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING! 
"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant "{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{8895618F-E9D7-4391-B7BB-48DE14923E17}" = Tunebite "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 
2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007 "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9BF07516-4C12-4244-92B0-BAB1026D47E0}" = Logicool Webcam Software "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security 2012 
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4749B38-C5BD-4A02-8E9F-C1EF7CCEA651}" = Adobe Creative Suite 5.5 Web Premium "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C6887F84-0895-7B5A-B0BF-8D5F9A448C7D}" = Picaboo X "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D6BCB0B1-9AC8-407B-B679-F925A01F2B2C}" = Bonjour Print Services "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = 
Windows Live Essentials "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E673420E-340A-3AA2-DBD3-4B7B298303CF}" = MamaBargains "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Act Printer" = Act Printer "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3 "Advanced SystemCare 5_is1" = Advanced SystemCare 5 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "Carbonite Backup" = Carbonite "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CoffeeCup Free FTP 4.2" = CoffeeCup Free FTP "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X "ENTERPRISE" = Microsoft Office Enterprise 2007 "Focus MP3 Cutter Joiner_is1" = Focus MP3 Cutter Joiner 3.5 "Game Booster_is1" = Game Booster "GanttProject" = GanttProject "HDMI" = Intel® Graphics Media Accelerator Driver "ie8" = Windows Internet 
Explorer 8 "index.htm.MamaBargains" = MamaBargains "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "IObit Malware Fighter_is1" = IObit Malware Fighter "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Picasa 3" = Picasa 3 "Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter v5.2.0.0 "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software "RocketLife" = RocketLife "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "ShapeCollage" = Shape Collage "SMALLBUSINESSR" = Microsoft Office Small Business 2007 Trial "Smart Defrag 2_is1" = Smart Defrag 2 "SmartDraw 2012" = SmartDraw 2012 "Video Download FileBulldog Toolbar" = Video Download FileBulldog Toolbar "Video Download Toolbar_is1" = Video Download Toolbar 2.1.0.0 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "CNET TechTracker" = CNET TechTracker "Dropbox" = Dropbox "Google Chrome" = Google 
Chrome "Spoon Sandbox Manager 3.32" = Spoon Sandbox Manager 3.32 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/30/2012 3:36:04 PM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error - 3/30/2012 7:36:54 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 3/30/2012 7:36:54 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1937 Error - 3/30/2012 7:36:54 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1937 Error - 3/30/2012 7:36:56 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 3/30/2012 7:36:56 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4000 Error - 3/31/2012 9:28:13 PM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error - 3/31/2012 9:28:14 PM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error - 3/31/2012 9:28:17 PM | Computer Name = ROCHELHOMEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 4/1/2012 7:42:30 AM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. [ OSession Events ] Error - 10/9/2009 12:01:01 PM | Computer Name = ROCHELHOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2749 seconds with 120 seconds of active time. This session ended with a crash. Error - 5/26/2010 3:47:54 PM | Computer Name = ROCHELHOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6527.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 837661 seconds with 360 seconds of active time. This session ended with a crash. Error - 12/6/2011 1:56:19 PM | Computer Name = ROCHELHOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 343322 seconds with 4500 seconds of active time. This session ended with a crash. 
Error - 3/27/2012 12:51:25 AM | Computer Name = ROCHELHOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 284597 seconds with 960 seconds of active time. This session ended with a crash. [ System Events ] Error - 3/30/2012 6:00:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901 Description = The At67.job command failed to start due to the following error: %%2147942402 Error - 3/30/2012 6:34:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901 Description = The At19.job command failed to start due to the following error: %%2147942402 Error - 3/30/2012 7:00:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901 Description = The At44.job command failed to start due to the following error: %%2147942402 Error - 3/30/2012 7:00:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901 Description = The At68.job command failed to start due to the following error: %%2147942402 Error - 3/30/2012 7:34:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901 Description = The At20.job command failed to start due to the following error: %%2147942402 Error - 3/31/2012 9:28:24 PM | Computer Name = ROCHELHOMEPC | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.1.69 on the Network Card with network address 0023AE7951FF. Error - 3/31/2012 9:34:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901 Description = The At22.job command failed to start due to the following error: %%2147942402 Error - 3/31/2012 9:51:35 PM | Computer Name = ROCHELHOMEPC | Source = Service Control Manager | ID = 7034 Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 
Error - 3/31/2012 10:08:49 PM | Computer Name = ROCHELHOMEPC | Source = Service Control Manager | ID = 7022 Description = The Windows Image Acquisition (WIA) service hung on starting. Error - 3/31/2012 10:10:57 PM | Computer Name = ROCHELHOMEPC | Source = Service Control Manager | ID = 7034 Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s). < End of report >
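Added triage example for the OTL reports in this thread (example code written for this page; it is not from the original posts and not part of OTL). It parses the entry types OTL writes one per line (SRV/DRV services and drivers, Windows XP firewall exceptions, and the "Last 10 Event Log Errors" block), decodes the `%%2147942402` code from the Schedule events as an HRESULT, and flags the entries a helper reads first: services and drivers whose file is missing, drivers loaded from a user-writable path such as the user's Temp directory, firewall exceptions for executables under the user profile, failed AtNN.job tasks, and crypt32 root-list failures that the event text itself ties to certificate validity and the system clock. The `SAMPLE` text is constructed from lines in the posted logs; the `Finding` type, the heuristics and the "user-writable path" definition are this example's own assumptions, not anything OTL outputs.

```python
# Added example for this thread, not code from the original post or from OTL:
# parse the OTL entry types seen in these logs and flag what a helper checks first.
import re
from dataclasses import dataclass

# "SRV - ..." / "DRV - ...": the file column is "File not found" or "[date | size | attrs | M] (Company)".
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<file>File not found|\[[^\]]*\] \(.*?\)) "
    r"\[(?P<flags>[^\]]*)\] --(?: (?P<path>.*?))? -- \((?P<name>[^)]*)\)(?P<desc>.*)$"
)
# XP firewall exceptions: "path" = path:scope:Enabled|Disabled:label -- (Company)
FIREWALL_RE = re.compile(
    r'^"(?P<path>[^"]+)" = (?P=path):[^:]+:(?P<state>Enabled|Disabled):(?P<label>.*?) -- \([^)]*\)\s*$'
)
# Event log errors: a header line followed by a "Description = ..." line.
EVENT_RE = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = .+? \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")
DESC_RE = re.compile(r"^Description = (?P<desc>.*)$")
AT_JOB_RE = re.compile(r"\b(At\d+\.job)\b")
ERRCODE_RE = re.compile(r"%%(\d+)")
# XP locations an unprivileged user can write to (this example's assumption).
USER_WRITABLE_RE = re.compile(r"^C:\\(Documents and Settings|DOCUME~1)\\", re.IGNORECASE)
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}


def decode_error(code: int) -> str:
    """Render an event's decimal %%NNN code as an HRESULT; for FACILITY_WIN32 (7)
    the low 16 bits are the original Win32 error, so name it when it is a common one."""
    hr = code & 0xFFFFFFFF
    if (hr >> 16) & 0x7FF == 7:
        win32 = hr & 0xFFFF
        return f"0x{hr:08X} ({WIN32_NAMES.get(win32, 'Win32 error %d' % win32)})"
    return f"0x{hr:08X}"


@dataclass
class Finding:
    kind: str    # "service", "driver", "firewall" or "event"
    name: str
    reason: str


def triage(text: str) -> list:
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        if m := SERVICE_RE.match(line):
            kind = "driver" if m["kind"] == "DRV" else "service"
            path = m["path"] or ""
            if m["file"] == "File not found":
                why = "binary missing on disk; the registry entry remains and should be reviewed"
                if "Boot" in m["flags"]:
                    why = "boot-start driver whose file is missing; " + why
                findings.append(Finding(kind, m["name"], why))
            if USER_WRITABLE_RE.match(path) or "\\Temp\\" in path:
                findings.append(Finding(kind, m["name"], "loaded from a user-writable path: " + path))
        elif m := FIREWALL_RE.match(line):
            if m["state"] == "Enabled" and USER_WRITABLE_RE.match(m["path"]):
                findings.append(Finding("firewall", m["label"],
                                        "inbound exception for an executable under the user profile: " + m["path"]))
        elif m := EVENT_RE.match(line):
            desc = ""
            if i + 1 < len(lines) and (d := DESC_RE.match(lines[i + 1])):
                desc, i = d["desc"], i + 1
            job = AT_JOB_RE.search(desc)
            if m["source"] == "Schedule" and job:
                code = ERRCODE_RE.search(desc)
                detail = decode_error(int(code.group(1))) if code else "no error code"
                findings.append(Finding("event", job.group(1),
                                        f"at.exe task failed to start: {detail}; at jobs run as SYSTEM, check %SystemRoot%\\Tasks"))
            elif m["source"] == "crypt32" and "validity period" in desc:
                findings.append(Finding("event", "crypt32/" + m["id"],
                                        "root-list update rejected on certificate validity: check the system clock before blaming the network"))
        i += 1
    return findings


# Constructed sample: a handful of entries copied from the logs posted in this thread.
SAMPLE = r'''
"C:\Program Files\Nitro PDF\PrimoPDF\PrimoPDF.exe" = C:\Program Files\Nitro PDF\PrimoPDF\PrimoPDF.exe:*:Enabled:PrimoPDF -- (Nitro PDF)
"C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Rochel\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- -- (bhyylicz)
DRV - [2009/05/13 12:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
Error - 3/30/2012 6:00:00 PM | Computer Name = ROCHELHOMEPC | Source = Schedule | ID = 7901
Description = The At67.job command failed to start due to the following error: %%2147942402
Error - 3/31/2012 9:28:13 PM | Computer Name = ROCHELHOMEPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 3/31/2012 9:28:24 PM | Computer Name = ROCHELHOMEPC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.69 on the Network Card with network address 0023AE7951FF.
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.name}: {f.reason}")
```

Run it as a script to print the findings for the sample; `triage()` takes the full text of an OTL report, so a complete log can be fed to it as-is. A "File not found" entry is not proof of malware on its own: OTL also reports it when it cannot resolve the ImagePath to a file, as with the Amsp line whose path carries two executable names, so the flags are starting points for the helper's review rather than verdicts.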
  11. OTL logfile created on: 4/1/2012 7:54:04 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Documents and Settings\Rochel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 76.73% Memory free
4.83 Gb Paging File | 3.87 Gb Available in Paging File | 80.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 224.76 Gb Free Space | 75.41% Space Free | Partition Type: NTFS
Drive D: | 7.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROCHELHOMEPC | User Name: Rochel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 19:47:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rochel\Desktop\OTL.exe
PRC - [2012/03/29 20:46:27 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2012/03/29 20:46:27 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/02/27 09:44:06 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2012/02/27 09:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/27 16:06:16 | 002,324,872 | ---- | M] (Code Systems Corporation) -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\Spoon-Sandbox.exe
PRC - [2012/01/27 16:05:31 | 008,646,816 | ---- | M] (Code Systems Corporation) -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\Client\Console\0.3.7.8\Spoon-Console.exe
PRC - [2011/12/02 10:36:39 | 000,142,848 | ---- | M] () -- C:\Program Files\MamaBargains\MamaBargains\MamaBargains.exe
PRC - [2011/12/01 16:24:20 | 002,624,512 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/03/30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/10/01 21:31:48 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 21:31:39 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/06/02 08:59:46 | 005,451,536 | ---- | M] (Logicool Co., Ltd) -- C:\Program Files\Logicool\Logicool Vid\Vid.exe
PRC - [2009/04/30 16:01:10 | 000,150,040 | ---- | M] (Logicool Co., Ltd) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/06/09 11:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/06/22 15:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/29 20:46:48 | 000,174,624 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2012/03/29 20:46:32 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2012/03/29 20:46:29 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2012/03/29 20:46:27 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/03/29 20:46:27 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2012/03/29 20:46:27 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll
MOD - [2012/02/16 04:09:09 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/02/16 04:09:06 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/02/16 04:09:03 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/02/16 04:08:59 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/02/16 04:08:54 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/02/16 04:08:49 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2012/02/16 04:08:42 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/16 04:08:41 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2012/02/16 04:08:38 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/01/22 14:33:46 | 004,770,176 | ---- | M] () -- c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2011/12/02 10:36:39 | 000,142,848 | ---- | M] () -- C:\Program Files\MamaBargains\MamaBargains\MamaBargains.exe
MOD - [2011/12/01 16:24:20 | 002,624,512 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/10/01 21:31:39 | 001,063,248 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
MOD - [2009/06/02 09:00:22 | 000,138,000 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/02 09:00:22 | 000,035,088 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\plugins\imageformats\qico4.dll
MOD - [2009/06/02 09:00:20 | 000,028,944 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\plugins\imageformats\qgif4.dll
MOD - [2009/06/02 08:59:34 | 000,027,408 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\SDL.dll
MOD - [2009/06/02 08:59:24 | 000,363,792 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\qtxml4.dll
MOD - [2009/06/02 08:59:12 | 011,311,888 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtWebKit4.dll
MOD - [2009/06/02 08:59:00 | 000,199,952 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\qtsql4.dll
MOD - [2009/06/02 08:58:50 | 000,475,408 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtOpenGL4.dll
MOD - [2009/06/02 08:58:38 | 007,704,336 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtGui4.dll
MOD - [2009/06/02 08:58:38 | 000,968,976 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtNetwork4.dll
MOD - [2009/06/02 08:58:26 | 002,140,944 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\QtCore4.dll
MOD - [2009/06/02 08:58:16 | 000,291,600 | ---- | M] () -- C:\Program Files\Logicool\Logicool Vid\phonon4.dll
MOD - [2008/07/19 16:02:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/23 16:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2009/10/01 21:31:48 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2009/04/30 16:01:10 | 000,150,040 | ---- | M] (Logicool Co., Ltd) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/24 16:48:25 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/06/09 11:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rochel\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Rochel\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- -- (bhyylicz)
DRV - [2012/03/29 20:46:34 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/03/29 20:46:34 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012/03/29 20:46:34 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/03/29 20:46:34 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/07/09 16:34:44 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/07/09 16:34:36 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/07/09 16:34:36 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009/10/01 21:31:40 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/05/13 12:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 12:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 12:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/04/30 22:55:58 | 002,686,872 | ---- | M] (Logicool Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 16:00:24 | 000,024,984 | ---- | M] (Logicool Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.)
[Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/07/16 00:03:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink DRV - [2008/07/15 23:40:58 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO) DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM) DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM) DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1 IE - HKLM\..\SearchScopes,DefaultScope = {F8305D7D-CF69-465a-9003-813C6013A702} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:lyglkqaff6i&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms} IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:h6z8ss-efx2&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://chabadnc.org/ IE - HKCU\..\SearchScopes,DefaultScope = {7D25A8ED-6A9F-4ADB-ACE0-F2F75D1F165B} IE - HKCU\..\SearchScopes\{7D25A8ED-6A9F-4ADB-ACE0-F2F75D1F165B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: 
personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: gmail_sigs@blankcanvasweb.com:1.16.1b FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll (Code Systems Corporation) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Rochel\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Rochel\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/29 21:34:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/03/29 20:56:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/29 21:35:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/21 18:42:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/23 12:49:57 | 000,000,000 | ---D | M] [2009/04/23 23:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Extensions [2012/03/26 08:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions [2010/05/06 14:16:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/05/06 14:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2011/07/24 11:21:12 | 000,000,000 | ---D | M] (Somoto Toolbar) -- 
C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\{652853ad-5592-4231-88c6-706613a52e61} [2012/03/26 08:08:09 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2010/06/24 00:42:00 | 000,000,000 | ---D | M] (FatWallet Tools) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\fatcash@fatwallet.com [2010/03/12 15:58:44 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\LogMeInClient@logmein.com [2011/04/29 13:19:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\nostmp [2011/03/28 19:22:10 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\personas@christopher.beard [2010/07/19 18:00:48 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\support@predictad.com [2012/03/26 08:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rochel\Application Data\Mozilla\Firefox\Profiles\foef8ybj.default\extensions\trash [2012/01/01 21:08:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\ROCHEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FOEF8YBJ.DEFAULT\EXTENSIONS\{65E41D20-F092-41B7-BB83-C6E8A9AB0F57}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\ROCHEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FOEF8YBJ.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI () (No name found) -- 
C:\DOCUMENTS AND SETTINGS\ROCHEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FOEF8YBJ.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012/03/21 18:42:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/20 12:27:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/20 12:27:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Rochel\Application Data\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Rochel\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program 
Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Spoon Plugin (Enabled) = C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program 
Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: TrendMicro Toolbar = C:\Documents and Settings\Rochel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.2.0.1035_0\ O1 HOSTS File: ([2012/03/31 22:22:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Video Download Toolbar Intercept) - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\Program Files\VideoDownloadToolbar\VideoDownloadToolbarIntercept.dll (Sakysoft s.r.l. uninominale) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.) O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) 
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [Logicool Vid] C:\Program Files\Logicool\Logicool Vid\vid.exe (Logicool Co., Ltd) O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Documents and Settings\Rochel\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe () O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines) O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rochel\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\MamaBargains.lnk = C:\Program Files\MamaBargains\MamaBargains\MamaBargains.exe () O4 - Startup: C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.32.lnk = C:\Documents and Settings\Rochel\Local Settings\Application Data\Spoon\3.32.2.12\Spoon-Sandbox-Native.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD92DCD7-91FF-45DA-A8C2-724596A291F2}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) 
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx 
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A1AD540-DEA7-C34D-5DE8-81DFBB3BB0D2} - Internet Explorer
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FF315A8-BB70-6141-9204-18040C39E700} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B55E267B-4F86-930D-DCB4-FF690BF0259C} - Microsoft Windows Media Player
ActiveX: {BB9C99C7-FFFE-3E43-2401-112C4D9599BC} - Vector Graphics Rendering (VML)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Rochel^Start Menu^Programs^Startup^ACTPrinter Win.exe.lnk - C:\Documents and Settings\Rochel\Application Data\Microsoft\Installer\{8048F8E1-4A09-4EE8-BC72-01B49B999CE4}\_ACF4DAA81DB585838F4CFA.exe - ()
MsConfig - StartUpReg: avast - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 19:47:59 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rochel\Desktop\OTL.exe
[2012/03/31 22:25:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2012/03/31 21:47:09 | 004,452,445 | R--- | C] (Swearware) -- C:\Documents and Settings\Rochel\Desktop\ComboFix.exe
[2012/03/30 13:10:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rochel\Start Menu\Programs\Administrative Tools
[2012/03/30 13:10:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rochel\Desktop\dds.com
[2012/03/29 22:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012/03/29 22:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/03/29 22:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/03/29 22:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrimoPDF
[2012/03/29 20:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rochel\Start Menu\Programs\Trend Micro Titanium Maximum Security 2012
[2012/03/29 20:56:51 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2012/03/29 20:56:46 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/03/29 20:56:46 | 000,081,168 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2012/03/29 20:56:46 | 000,068,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2012/03/29 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/29 20:06:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/29 18:01:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/29 15:11:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/29 15:11:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/29 15:11:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/29 15:11:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/29 15:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/29 14:27:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 10:33:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/03/28 22:40:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/27 19:42:49 | 000,000,000 | ---D | C] -- C:\temp
[2012/03/27 16:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Trend Micro
[2012/03/27 16:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Trend Micro
[2012/03/27 16:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2012/03/27 15:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Akamai
[2012/01/31 17:53:03 | 032,853,760 | ---- | C] (Code Systems Corporation) -- C:\Program Files\spoon-plugin-dotnet.exe
[2012/01/01 20:47:30 | 015,292,208 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 9.0.1.exe
[2011/08/18 23:14:15 | 003,089,056 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[2011/07/24 12:05:28 | 065,981,368 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
[2011/07/24 11:17:19 | 006,062,368 | ---- | C] (Sakysoft s.r.l. uninominale ) -- C:\Program Files\video-download-toolbar-setup.exe
[2011/07/24 10:40:23 | 008,532,623 | ---- | C] (GetFLV, Inc. ) -- C:\Program Files\gfsetup.exe
[2011/07/17 15:07:24 | 014,276,088 | ---- | C] (Google Inc.) -- C:\Program Files\picasa38-setup.exe
[2011/06/14 21:45:59 | 004,117,040 | ---- | C] (CBS Interactive) -- C:\Program Files\CNET_TechTracker_2_0_3_59_a_Setup.exe
[2011/05/25 18:59:37 | 030,459,048 | ---- | C] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe
[2011/04/29 13:05:23 | 012,521,992 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011/04/06 13:52:03 | 080,298,280 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2010/11/14 00:01:39 | 002,443,360 | ---- | C] (http://www.divine-project.com/ ) -- C:\Program Files\divine-setup.exe
[2010/10/04 14:26:50 | 000,947,592 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/09/15 18:38:50 | 007,633,259 | ---- | C] (FocusSoft.net ) -- C:\Program Files\fmcjsetup.exe
[2010/09/15 18:31:00 | 004,585,944 | ---- | C] (ManiacTools.com ) -- C:\Program Files\mp3-splitter-joiner.exe
[2010/07/26 15:31:14 | 030,218,224 | ---- | C] (IObit ) -- C:\Program Files\asc-setup.exe
[2010/07/25 23:59:19 | 001,155,635 | ---- | C] (ESCV ) -- C:\Program Files\EasyScreenCaptureVideo.exe
[2010/07/20 22:38:11 | 000,689,560 | ---- | C] (IObit) -- C:\Program Files\iobituninstaller.exe
[2010/07/19 17:58:47 | 002,411,072 | ---- | C] (CooolSoft, Inc. ) -- C:\Program Files\MP3Cutter.EXE
[2010/07/19 16:48:47 | 038,084,600 | ---- | C] (RapidSolution Software AG) -- C:\Program Files\tunebite.exe
[2010/06/24 14:31:54 | 008,587,672 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.4.exe
[2010/06/22 14:40:45 | 032,532,792 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2010/05/06 16:35:19 | 000,562,864 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleVoiceAndVideoSetup.exe
[2010/04/18 23:01:07 | 000,562,848 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2010/04/16 17:47:31 | 004,071,176 | ---- | C] (Uniblue Systems Ltd ) -- C:\Program Files\registrybooster.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/01 19:47:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rochel\Desktop\OTL.exe
[2012/04/01 19:43:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005UA.job
[2012/04/01 19:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/01 19:12:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/01 09:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2136418324-59859425-3307268990-1005Core.job
[2012/04/01 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ROCHELHOMEPC-Rochel.job
[2012/03/31 22:26:08 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\MamaBargains.lnk
[2012/03/31 22:24:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 22:22:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/31 22:21:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/31 21:46:01 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/31 21:46:00 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Rochel\Desktop\Google Chrome.lnk
[2012/03/31 21:39:54 | 004,452,445 | R--- | M] (Swearware) -- C:\Documents and Settings\Rochel\Desktop\ComboFix.exe
[2012/03/31 21:31:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/31 21:30:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job
[2012/03/30 13:10:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rochel\Desktop\dds.com
[2012/03/29 22:07:21 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/03/29 22:07:20 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2012/03/29 22:07:19 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/03/29 22:06:29 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/29 22:06:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Rochel\Desktop\Windows Media Player.lnk
[2012/03/29 22:06:27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/29 22:06:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/29 22:04:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/03/29 22:02:57 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2012/03/29 22:02:19 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini
[2012/03/29 20:57:43 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\Rochel\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
[2012/03/29 20:56:44 | 000,525,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/29 20:56:44 | 000,102,070 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/29 20:55:31 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2012/03/29 20:46:34 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/03/29 20:46:34 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2012/03/29 20:46:34 | 000,081,168 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2012/03/29 20:46:34 | 000,068,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2012/03/29 18:01:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/29 17:47:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 14:36:10 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro Titanium Maximum Security 2012 (2).lnk
[2012/03/29 10:04:52 | 000,644,658 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/27 22:06:44 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Rochel\My Documents\spider.sav
[2012/03/27 15:54:07 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/27 12:51:23 | 000,001,017 | ---- | M] () -- C:\Documents and Settings\Rochel\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/27 12:51:23 | 000,001,017 | ---- | M] () -- C:\Documents and Settings\Rochel\Desktop\Dropbox.lnk
[2012/03/25 20:08:05 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Rochel\Application Data\Adobe PNG Format CS5 Prefs
[2012/03/23 12:49:58 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/14 09:55:14 | 003,977,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/04 02:35:42 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/29 22:04:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/03/29 22:04:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/29 22:02:57 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2012/03/29 20:57:42 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\Rochel\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
[2012/03/29 18:01:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/29 18:01:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/29 15:11:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/29 15:11:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/29 15:11:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/29 15:11:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/29 15:11:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/29 14:36:10 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\Rochel\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro Titanium Maximum Security 2012 (2).lnk
[2012/03/28 15:54:26 | 000,644,658 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/27 16:10:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2012/03/23 12:49:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/23 12:49:58 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/02/26 10:32:22 | 000,000,326 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\PrimoPDFSet.xml
[2012/02/16 01:30:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/02 00:40:22 | 000,538,200 | ---- | C] () -- C:\Program Files\smartdraw_11E_QDO56_setup.exe
[2011/12/12 00:14:45 | 064,207,032 | ---- | C] () -- C:\Program Files\setup_av_free_cnet.exe
[2011/12/08 16:55:10 | 000,000,108 | ---- | C] () -- C:\Program Files\hirtcamp.com
[2011/12/01 14:17:43 | 000,143,768 | ---- | C] () -- C:\Program Files\MamabargainsAir.air
[2011/07/24 11:08:49 | 000,858,940 | ---- | C] () -- C:\Program Files\toolbar_setup411.exe
[2011/07/24 11:02:39 | 005,153,792 | ---- | C] () -- C:\Program Files\YouTubeDownloaderSetup32.exe
[2011/06/16 19:05:50 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Rochel\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/06/14 21:55:27 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/14 21:55:26 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/06/07 11:14:25 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Rochel\Application Data\Adobe IllExport Filter CS5 Prefs
[2011/06/06 00:18:58 | 000,109,712 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/29 17:49:59 | 056,923,744 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2011/05/15 20:24:33 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Rochel\Application Data\Adobe PNG Format CS5 Prefs
[2011/05/13 11:43:19 | 002,431,520 | ---- | C] () -- C:\Program Files\AdobeDownloadAssistant.exe
[2011/04/11 20:47:58 | 051,349,520 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2010/11/23 16:47:36 | 013,525,424 | ---- | C] () -- C:\Program Files\Dropbox 0.7.110.exe
[2010/11/14 00:35:02 | 006,780,771 | ---- | C] () -- C:\Program Files\beta-docs.chm
[2010/10/04 14:30:26 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/28 11:41:58 | 000,225,672 | ---- | C] () -- C:\Program Files\CrucialScan.exe
[2010/09/26 20:59:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2010/09/26 20:53:45 | 000,469,504 | ---- | C] () -- C:\Program Files\ACTPrinterSetup.exe
[2010/09/15 18:40:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/07/22 14:21:58 | 000,000,668 | ---- | C] () -- C:\WINDOWS\Mp3CutterJoiner.ini
[2010/07/20 22:46:21 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySMP3CutJoin.dat
[2010/07/20 22:41:47 | 003,087,086 | ---- | C] ( ) -- C:\Program Files\mp3cutterjoiner.exe
[2010/06/07 08:37:13 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8f4VCiqmw.dat
[2010/04/18 22:08:52 | 000,529,800 | ---- | C] () -- C:\Program Files\smartdraw_10E_H3HE9_A_setup.exe

========== LOP Check ==========

[2010/06/16 19:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/03/28 22:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/06/16 20:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/09 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/11/14 00:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Divine
[2009/07/28 00:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/11/01 20:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/02/23 14:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/12/07 12:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/05/12 22:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/05/25 19:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2010/07/19 17:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2012/01/04 12:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/02/23 14:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/24 13:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/05/31 01:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2009/09/22 02:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2011/04/06 14:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/26 21:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\ACTPrinter
[2011/11/17 14:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Blackboard
[2011/06/14 21:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\CBS Interactive
[2011/05/17 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/13 14:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\CheckPoint
[2009/10/22 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\CoffeeCup Software
[2011/11/17 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Collaborate
[2011/05/13 11:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/06 00:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/06/19 22:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\com.dwuser.erwizard.EasyRotatorWizard
[2011/08/19 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2011/02/23 15:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Divine
[2012/03/31 22:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Dropbox
[2010/10/20 14:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Elluminate
[2010/05/31 01:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\FE0E3AD4F82198DD9A575A296B182636
[2010/09/15 18:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Focus Mp3 Cutter Joiner
[2011/07/24 11:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\FVDIEPlugin
[2009/04/29 12:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\GetRightToGo
[2009/11/01 20:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\GlobalSCAPE
[2011/12/02 10:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\index.htm.MamaBargains
[2012/02/02 01:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\IObit
[2009/10/30 14:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Littlelan
[2010/09/15 23:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Power MP3 Cutter
[2010/07/19 18:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Power Mp3 Recorder
[2009/11/05 04:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Quark
[2011/04/11 20:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Sammsoft
[2010/02/21 22:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Samsung
[2012/02/02 00:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\SmartDraw
[2011/07/24 11:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\somototoolbar
[2009/04/24 09:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Southwest Airlines
[2011/06/04 23:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/12 14:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\TeamViewer
[2010/02/24 13:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Ulead Systems
[2010/04/16 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Uniblue
[2011/07/24 11:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\vmntemplate
[2009/04/16 04:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Windows Desktop Search
[2009/04/23 21:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rochel\Application Data\Windows Search
[2012/03/31 21:30:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB9CE760-98C7-41EB-8CB1-36819FB4AEC5}.job

========== Purity Check ==========


========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/03/29 20:06:35 | 000,000,000 | ---D | M] -- C:\boot
[2012/03/29 18:01:16 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012/03/29 20:54:39 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/08/22 03:03:45 | 000,000,000 | ---D | M] -- C:\d0cdb53f1a2fb505c5
[2009/04/24 13:50:09 | 000,000,000 | ---D | M] -- C:\DELL
[2009/05/14 11:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2009/04/16 11:02:13 | 000,000,000 | ---D | M] -- C:\drivers
[2009/02/25 13:03:48 | 000,000,000 | ---D | M] -- C:\EFI
[2009/08/06 20:33:27 | 000,000,000 | ---D | M] -- C:\Hasbro
[2009/04/16 04:09:56 | 000,000,000 | ---D | M] -- C:\I386
[2009/04/29 12:11:09 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010/09/14 16:23:57 | 000,000,000 | ---D | M] -- C:\My Music
[2012/03/31 22:19:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/03/31 22:31:42 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010/02/23 14:12:29 | 000,000,000 | ---D | M] -- C:\SmartSound Software
[2012/03/29 14:54:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/03/29 20:06:35 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2012/03/27 19:42:49 | 000,000,000 | ---D | M] -- C:\temp
[2012/03/31 22:25:17 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2010/07/07 16:16:54 | 000,000,000 | ---D | M] -- C:\_AcroTemp

< %PROGRAMFILES%\*.exe >
[2010/02/21 22:35:11 | 082,452,960 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Program Files\a897_PCStudio.exe
[2009/04/24 16:33:09 | 342,437,920 | ---- | M] ( ) -- C:\Program Files\AcroPro90_efg.exe
[2010/09/26 20:53:46 | 000,469,504 | ---- | M] () -- C:\Program Files\ACTPrinterSetup.exe
[2009/04/24 16:49:12 | 001,878,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe Acrobat 9 Pro.lnk.exe
[2011/05/13 11:48:06 | 002,431,520 | ---- | M] () -- C:\Program Files\AdobeDownloadAssistant.exe
[2010/01/07 23:20:15 | 011,029,387 | ---- | M] (AoAMedia.com ) -- C:\Program Files\aoaaudioextractor.exe
[2012/01/22 14:42:08 | 030,218,224 | ---- | M] (IObit ) -- C:\Program Files\asc-setup.exe
[2011/05/25 19:03:06 | 030,459,048 | ---- | M] (IObit ) -- C:\Program Files\asc4-setup-cnet.exe
[2011/04/11 20:54:39 | 051,349,520 | ---- | M] () -- C:\Program Files\avira_antivir_personal_en.exe
[2011/07/24 12:14:49 | 065,981,368 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
[2011/06/14 21:46:53 | 004,117,040 | ---- | M] (CBS Interactive) -- C:\Program Files\CNET_TechTracker_2_0_3_59_a_Setup.exe
[2009/10/22 21:01:31 | 007,492,592 | ---- | M] (BitRock SL) -- C:\Program Files\CoffeeFreeFTPInstaller4.2.exe
[2010/09/28 11:42:01 | 000,225,672 | ---- | M] () -- C:\Program Files\CrucialScan.exe
[2009/11/01 20:40:48 | 021,785,928 | ---- | M] (GlobalSCAPE, Inc. ) -- C:\Program Files\cuteftppro.exe
[2009/12/02 14:38:58 | 006,599,680 | ---- | M] () -- C:\Program Files\DingInstall-1.05.exe
[2010/11/14 00:02:39 | 002,443,360 | ---- | M] (http://www.divine-project.com/ ) -- C:\Program Files\divine-setup.exe
[2010/11/23 16:48:32 | 013,525,424 | ---- | M] () -- C:\Program Files\Dropbox 0.7.110.exe
[2004/05/24 23:01:46 | 001,155,635 | ---- | M] (ESCV ) -- C:\Program Files\EasyScreenCaptureVideo.exe
[2010/06/24 14:32:11 | 008,587,672 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.4.exe
[2011/04/29 13:06:26 | 012,521,992 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2012/01/01 20:51:06 | 015,292,208 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 9.0.1.exe
[2010/09/15 18:39:25 | 007,633,259 | ---- | M] (FocusSoft.net ) -- C:\Program Files\fmcjsetup.exe
[2009/07/28 00:05:17 | 001,876,292 | ---- | M] (MGShareware ) -- C:\Program Files\freeripmp3.exe
[2009/07/23 11:26:02 | 007,858,801 | ---- | M] () -- C:\Program Files\Freeware_PrimoPDF.exe
[2011/07/24 10:40:59 | 008,532,623 | ---- | M] (GetFLV, Inc. ) -- C:\Program Files\gfsetup.exe
[2010/04/18 23:01:09 | 000,562,848 | ---- | M] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2010/05/06 16:35:21 | 000,562,864 | ---- | M] (Google Inc.) -- C:\Program Files\GoogleVoiceAndVideoSetup.exe
[2009/04/30 19:14:45 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2011/08/19 11:16:26 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[2010/07/20 22:38:11 | 000,689,560 | ---- | M] (IObit) -- C:\Program Files\iobituninstaller.exe
[2011/04/06 13:58:21 | 080,298,280 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2009/04/29 13:04:51 | 002,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2010/09/15 18:31:20 | 004,585,944 | ---- | M] (ManiacTools.com ) -- C:\Program Files\mp3-splitter-joiner.exe
[2010/07/19 17:59:01 | 002,411,072 | ---- | M] (CooolSoft, Inc. ) -- C:\Program Files\MP3Cutter.EXE
[2010/07/20 22:42:10 | 003,087,086 | ---- | M] ( ) -- C:\Program Files\mp3cutterjoiner.exe
[2010/09/15 01:02:32 | 002,007,072 | ---- | M] (Piston Software ) -- C:\Program Files\mp3joiner_setup.exe
[2009/10/30 14:03:32 | 001,505,049 | ---- | M] (LittleLan.com ) -- C:\Program Files\Mp3nity_2.1_Setup.exe
[2011/07/17 15:08:28 | 014,276,088 | ---- | M] (Google Inc.) -- C:\Program Files\picasa38-setup.exe
[2009/07/08 15:02:41 | 021,935,408 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010/04/16 17:47:38 | 004,071,176 | ---- | M] (Uniblue Systems Ltd ) -- C:\Program Files\registrybooster.exe
[2010/06/22 14:43:31 | 032,532,792 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2011/05/29 17:55:13 | 056,923,744 | ---- | M] () -- C:\Program Files\setup_av_free.exe
[2011/12/12 00:22:42 | 064,207,032 | ---- | M] () -- C:\Program Files\setup_av_free_cnet.exe
[2009/07/27 22:57:43 | 012,154,344 | ---- | M] (SmartSoft Ltd) -- C:\Program Files\SFTPMSI.exe
[2009/09/08 13:35:07 | 004,938,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2010/10/04 14:26:50 | 000,947,592 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/04/18 22:08:54 | 000,529,800 | ---- | M] () -- C:\Program Files\smartdraw_10E_H3HE9_A_setup.exe
[2012/02/02 00:40:23 | 000,538,200 | ---- | M] () -- C:\Program Files\smartdraw_11E_QDO56_setup.exe
[2012/01/31 17:57:00 | 032,853,760 | ---- | M] (Code Systems Corporation) -- C:\Program Files\spoon-plugin-dotnet.exe
[2009/07/27 23:51:46 | 002,693,610 | ---- | M] (Naturpic Software ) -- C:\Program Files\swmsetup.exe
[2011/07/24 11:08:49 | 000,858,940 | ---- | M] () -- C:\Program Files\toolbar_setup411.exe
[2010/07/19 16:52:01 | 038,084,600 | ---- | M] (RapidSolution Software AG) -- C:\Program Files\tunebite.exe
[2011/07/24 11:17:47 | 006,062,368 | ---- | M] (Sakysoft s.r.l. uninominale ) -- C:\Program Files\video-download-toolbar-setup.exe
[2009/07/10 12:46:12 | 001,234,120 | ---- | M] () -- C:\Program Files\wrar380.exe
[2009/07/17 12:37:23 | 003,654,395 | ---- | M] (Spacejock Software ) -- C:\Program Files\ybkfull.exe
[2011/07/24 11:02:39 | 005,153,792 | ---- | M] () -- C:\Program Files\YouTubeDownloaderSetup32.exe

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: I8042PRT.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:i8042prt.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys

< MD5 for: REGEDIT.EXE >
[2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\I386\REGEDIT.EXE
[2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012/02/03 05:26:17 | 001,869,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-01 01:32:04

< End of report >
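The "< MD5 for: ... >" blocks at the end of the OTL report above are the part of the log a helper reads first: OTL hashes every copy of a critical binary it can find (the live file, the ERDNT cache, the I386 install source, the driver cache inside sp3.cab) so that a patched or replaced file shows up as a hash that disagrees with its backups. The Python script below is an added example for this thread, not part of the original post and not OTL's own code. It parses those blocks and applies the three checks a helper otherwise does by eye: copies that disagree with each other, copies that differ from a known-good hash the caller supplies, and a file for which only a .cab copy was found, which is what the I8042PRT.SYS block above shows. The first sample text is copied from the report above; the second sample, with an all-zero hash, is constructed to exercise the mismatch case.

```python
"""Triage the "< MD5 for: NAME >" custom-scan blocks of an OTL report."""
import re
from collections import defaultdict

# Layout of an OTL MD5 block, as it appears in the report above:
#   < MD5 for: EXPLORER.EXE >
#   [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) MD5=<32 hex> -- <path>
#   [yyyy/mm/dd hh:mm:ss | size | attrs | M] () .cab file -- <archive>.cab:<name>
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<cab>\.cab file))\s*--\s*(?P<path>\S.*?)\s*$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every MD5 block found in OTL report text."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<"):          # any other "< ... >" scan header ends the MD5 block
            current = None
            continue
        if current is None:
            continue
        e = ENTRY_RE.match(line)
        if e:
            sections[current].append({
                "path": e.group("path"),
                "md5": e.group("md5").upper() if e.group("md5") else None,
                "size": int(e.group("size").replace(",", "")),
                "company": e.group("company").strip(),
                "cab_only": e.group("cab") is not None,  # hashed inside a .cab, not a file on disk
            })
    return dict(sections)


def triage(sections, known_good=None):
    """
    Compare every on-disk copy of each file with the others and, when supplied,
    with a known-good MD5 taken from a clean install of the same service pack.
    Returns {FILENAME: {"status": ..., "hashes": {md5: [paths]}, "copies": n}}.
    """
    known_good = {k.upper(): v.upper() for k, v in (known_good or {}).items()}
    report = {}
    for name, entries in sections.items():
        by_hash = defaultdict(list)
        for e in entries:
            if not e["cab_only"]:
                by_hash[e["md5"]].append(e["path"])
        copies = sum(len(paths) for paths in by_hash.values())
        if copies == 0:
            status = "NO_LIVE_COPY"     # only a .cab copy: absent from every path OTL checked
        elif len(by_hash) > 1:
            status = "MISMATCH"         # copies disagree: one was replaced, patched or infected
        elif name in known_good and known_good[name] not in by_hash:
            status = "UNEXPECTED_HASH"  # copies agree with each other but not with the reference
        elif copies == 1 and name not in known_good:
            status = "UNVERIFIED"       # one copy and nothing to compare it with proves nothing
        else:
            status = "CONSISTENT"
        report[name] = {"status": status, "hashes": dict(by_hash), "copies": copies}
    return report


# Sample input copied from the MD5 section of the OTL report above.
SAMPLE_OTL = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
< MD5 for: I8042PRT.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:i8042prt.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
< MD5 for: REGEDIT.EXE >
[2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\I386\REGEDIT.EXE
[2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008/04/14 08:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
"""

# Constructed sample (not from the page): the all-zero hash stands in for a replaced explorer.exe.
CONSTRUCTED_MISMATCH = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\explorer.exe
"""

if __name__ == "__main__":
    for name, r in triage(parse_md5_sections(SAMPLE_OTL)).items():
        print(f"{name:14} {r['status']:15} copies={r['copies']} hashes={list(r['hashes'])}")
```

Agreement between copies only shows that they match each other. The ERDNT cache in this log was created on 2012/03/29, during the cleanup, so it is not an independent reference; the check that actually settles the question is the `known_good` comparison against hashes taken from a clean XP SP3 install, and the script deliberately reports a lone copy with no reference as UNVERIFIED rather than clean.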
  12. Oops, I meant to add that after I got that error message I removed my USB drive and restarted the computer and ran ComboFix again, and everything ran as it should have and produced the log I included in my last post. Thanks
  13. Hi Daniel, thanks for your concern. I actually did run ComboFix at the request of a helper, it just wasn't a helper from Malwarebytes. As I mentioned earlier, just so you should know (I don't know if it's important or not), I ran ComboFix now and after completing stage 5 the screen went blue and I got a really long error message saying: ComboFix 12-03-31.03 - Rochel 03/31/2012 22:13:38.2.2 - x86
  14. 20:03:52.0953 1756 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
C:\WINDOWS\system32\Drivers\DLADResM.SYS 20:04:45.0703 1788 DLADResM - ok 20:04:45.0906 1788 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 20:04:45.0921 1788 DLAIFS_M - ok 20:04:46.0093 1788 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 20:04:46.0109 1788 DLAOPIOM - ok 20:04:46.0281 1788 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 20:04:46.0281 1788 DLAPoolM - ok 20:04:46.0500 1788 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 20:04:46.0500 1788 DLARTL_M - ok 20:04:46.0734 1788 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 20:04:46.0750 1788 DLAUDFAM - ok 20:04:46.0953 1788 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 20:04:46.0968 1788 DLAUDF_M - ok 20:04:47.0125 1788 dmadmin - ok 20:04:47.0531 1788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 20:04:47.0718 1788 dmboot - ok 20:04:47.0953 1788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 20:04:48.0000 1788 dmio - ok 20:04:48.0171 1788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:04:48.0171 1788 dmload - ok 20:04:48.0375 1788 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 20:04:48.0375 1788 dmserver - ok 20:04:48.0609 1788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:04:48.0625 1788 DMusic - ok 20:04:48.0843 1788 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 20:04:48.0843 1788 Dnscache - ok 20:04:49.0062 1788 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 20:04:49.0093 1788 Dot3svc - ok 20:04:49.0296 1788 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 20:04:49.0312 1788 dpti2o - ok 20:04:49.0500 1788 drmkaud 
(8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:04:49.0500 1788 drmkaud - ok 20:04:49.0734 1788 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 20:04:49.0765 1788 DRVMCDB - ok 20:04:49.0968 1788 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 20:04:49.0968 1788 DRVNDDM - ok 20:04:50.0140 1788 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 20:04:50.0156 1788 EapHost - ok 20:04:50.0343 1788 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 20:04:50.0343 1788 ERSvc - ok 20:04:50.0578 1788 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 20:04:50.0578 1788 Eventlog - ok 20:04:50.0843 1788 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 20:04:50.0906 1788 EventSystem - ok 20:04:51.0140 1788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:04:51.0171 1788 Fastfat - ok 20:04:51.0390 1788 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 20:04:51.0437 1788 FastUserSwitchingCompatibility - ok 20:04:51.0703 1788 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe 20:04:51.0765 1788 Fax - ok 20:04:51.0968 1788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 20:04:51.0968 1788 Fdc - ok 20:04:52.0156 1788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 20:04:52.0171 1788 Fips - ok 20:04:52.0406 1788 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 20:04:52.0562 1788 FLEXnet Licensing Service - ok 20:04:52.0765 1788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 20:04:52.0765 1788 Flpydisk - ok 20:04:52.0984 1788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) 
C:\WINDOWS\system32\DRIVERS\fltMgr.sys 20:04:53.0015 1788 FltMgr - ok 20:04:53.0125 1788 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:04:53.0140 1788 FontCache3.0.0.0 - ok 20:04:53.0312 1788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:04:53.0312 1788 Fs_Rec - ok 20:04:53.0546 1788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:04:53.0578 1788 Ftdisk - ok 20:04:53.0781 1788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 20:04:53.0781 1788 GEARAspiWDM - ok 20:04:53.0968 1788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:04:53.0984 1788 Gpc - ok 20:04:54.0109 1788 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 20:04:54.0140 1788 gupdate - ok 20:04:54.0187 1788 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 20:04:54.0187 1788 gupdatem - ok 20:04:54.0281 1788 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 20:04:54.0312 1788 gusvc - ok 20:04:54.0609 1788 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:04:54.0609 1788 HDAudBus - ok 20:04:54.0765 1788 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:04:54.0781 1788 helpsvc - ok 20:04:54.0968 1788 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 20:04:54.0968 1788 HidServ - ok 20:04:55.0156 1788 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:04:55.0156 1788 hidusb - ok 20:04:55.0343 1788 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 20:04:55.0375 1788 hkmsvc - ok 20:04:55.0578 1788 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 20:04:55.0593 
1788 hpn - ok 20:04:55.0843 1788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 20:04:55.0906 1788 HTTP - ok 20:04:56.0093 1788 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 20:04:56.0093 1788 HTTPFilter - ok 20:04:56.0312 1788 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 20:04:56.0312 1788 i2omgmt - ok 20:04:56.0500 1788 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 20:04:56.0500 1788 i2omp - ok 20:04:58.0140 1788 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 20:04:59.0609 1788 ialm - ok 20:04:59.0937 1788 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:05:00.0156 1788 idsvc - ok 20:05:00.0390 1788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:05:00.0390 1788 Imapi - ok 20:05:00.0609 1788 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 20:05:00.0640 1788 ImapiService - ok 20:05:00.0906 1788 IMFservice (491fb9e6c0bd1383884d64ea5b886ad8) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe 20:05:00.0921 1788 IMFservice - ok 20:05:01.0140 1788 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 20:05:01.0140 1788 ini910u - ok 20:05:01.0359 1788 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 20:05:01.0359 1788 IntelIde - ok 20:05:01.0562 1788 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:05:01.0578 1788 intelppm - ok 20:05:01.0765 1788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 20:05:01.0781 1788 Ip6Fw - ok 20:05:01.0953 1788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:05:01.0968 1788 IpFilterDriver - ok 20:05:02.0140 1788 IpInIp (b87ab476dcf76e72010632b5550955f5) 
C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:05:02.0140 1788 IpInIp - ok 20:05:02.0375 1788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:05:02.0406 1788 IpNat - ok 20:05:02.0671 1788 iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe 20:05:02.0875 1788 iPod Service - ok 20:05:03.0078 1788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:05:03.0109 1788 IPSec - ok 20:05:03.0312 1788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:05:03.0312 1788 IRENUM - ok 20:05:03.0515 1788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:05:03.0531 1788 isapnp - ok 20:05:03.0625 1788 JavaQuickStarterService (44ffba62f0f426b581759c49aafec2e2) C:\Program Files\Java\jre6\bin\jqs.exe 20:05:03.0671 1788 JavaQuickStarterService - ok 20:05:03.0890 1788 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys 20:05:03.0937 1788 k57w2k - ok 20:05:04.0171 1788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:05:04.0171 1788 Kbdclass - ok 20:05:04.0406 1788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:05:04.0421 1788 kbdhid - ok 20:05:04.0718 1788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:05:04.0750 1788 kmixer - ok 20:05:04.0984 1788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:05:05.0000 1788 KSecDD - ok 20:05:05.0218 1788 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 20:05:05.0250 1788 LanmanServer - ok 20:05:05.0468 1788 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 20:05:05.0500 1788 lanmanworkstation - ok 20:05:05.0671 1788 lbrtfdc - ok 20:05:05.0890 1788 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 20:05:05.0890 1788 LmHosts - ok 
20:05:05.0984 1788 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys 20:05:06.0000 1788 LMIInfo - ok 20:05:06.0078 1788 LMIMaint (500f1e4461075d602ce77109a9a3d634) C:\Program Files\LogMeIn\x86\RaMaint.exe 20:05:06.0109 1788 LMIMaint - ok 20:05:06.0281 1788 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys 20:05:06.0296 1788 lmimirr - ok 20:05:06.0468 1788 LMIRfsClientNP - ok 20:05:06.0671 1788 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 20:05:06.0687 1788 LMIRfsDriver - ok 20:05:06.0750 1788 LogMeIn (9015122d04c195bdab88febcbae229db) C:\Program Files\LogMeIn\x86\LogMeIn.exe 20:05:06.0765 1788 LogMeIn - ok 20:05:06.0968 1788 LVPr2Mon (f4d5180e84bca0b7caa68a39ca770cb7) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20:05:06.0968 1788 LVPr2Mon - ok 20:05:07.0093 1788 LVPrcSrv (6c6362c5febcebbb76c991899b5223a7) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 20:05:07.0125 1788 LVPrcSrv - ok 20:05:07.0390 1788 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 20:05:07.0390 1788 MBAMProtector - ok 20:05:07.0640 1788 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:05:07.0796 1788 MBAMService - ok 20:05:08.0015 1788 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 20:05:08.0015 1788 Messenger - ok 20:05:08.0140 1788 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 20:05:08.0156 1788 Microsoft Office Groove Audit Service - ok 20:05:08.0406 1788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:05:08.0406 1788 mnmdd - ok 20:05:08.0625 1788 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 20:05:08.0640 1788 mnmsrvc - ok 20:05:08.0843 1788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) 
C:\WINDOWS\system32\drivers\Modem.sys 20:05:08.0843 1788 Modem - ok 20:05:09.0062 1788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:05:09.0078 1788 Mouclass - ok 20:05:09.0250 1788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:05:09.0250 1788 mouhid - ok 20:05:09.0484 1788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:05:09.0500 1788 MountMgr - ok 20:05:09.0671 1788 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 20:05:09.0687 1788 mraid35x - ok 20:05:09.0937 1788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:05:09.0968 1788 MRxDAV - ok 20:05:10.0265 1788 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:05:10.0375 1788 MRxSmb - ok 20:05:10.0578 1788 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 20:05:10.0578 1788 MSDTC - ok 20:05:10.0765 1788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:05:10.0765 1788 Msfs - ok 20:05:10.0921 1788 MSIServer - ok 20:05:11.0125 1788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:05:11.0140 1788 MSKSSRV - ok 20:05:11.0312 1788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:05:11.0312 1788 MSPCLOCK - ok 20:05:11.0500 1788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:05:11.0500 1788 MSPQM - ok 20:05:11.0734 1788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:05:11.0734 1788 mssmbios - ok 20:05:11.0828 1788 MSSQL$MSSMLBIZ - ok 20:05:11.0890 1788 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 20:05:11.0921 1788 MSSQLServerADHelper - ok 20:05:12.0125 1788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) 
C:\WINDOWS\system32\drivers\MSTEE.sys 20:05:12.0125 1788 MSTEE - ok 20:05:12.0343 1788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:05:12.0375 1788 Mup - ok 20:05:12.0578 1788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:05:12.0593 1788 NABTSFEC - ok 20:05:12.0843 1788 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 20:05:12.0921 1788 napagent - ok 20:05:13.0140 1788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:05:13.0187 1788 NDIS - ok 20:05:13.0359 1788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:05:13.0375 1788 NdisIP - ok 20:05:13.0593 1788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:05:13.0593 1788 NdisTapi - ok 20:05:13.0765 1788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:05:13.0781 1788 Ndisuio - ok 20:05:13.0968 1788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:05:14.0000 1788 NdisWan - ok 20:05:14.0218 1788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:05:14.0234 1788 NDProxy - ok 20:05:14.0406 1788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:05:14.0421 1788 NetBIOS - ok 20:05:14.0656 1788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:05:14.0703 1788 NetBT - ok 20:05:14.0921 1788 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 20:05:14.0953 1788 NetDDE - ok 20:05:14.0984 1788 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 20:05:14.0984 1788 NetDDEdsdm - ok 20:05:15.0171 1788 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:15.0171 1788 Netlogon - ok 20:05:15.0406 1788 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 20:05:15.0453 
1788 Netman - ok 20:05:15.0609 1788 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:05:15.0640 1788 NetTcpPortSharing - ok 20:05:15.0875 1788 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 20:05:15.0921 1788 Nla - ok 20:05:16.0140 1788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:05:16.0156 1788 Npfs - ok 20:05:16.0468 1788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:05:16.0625 1788 Ntfs - ok 20:05:16.0828 1788 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:16.0843 1788 NtLmSsp - ok 20:05:17.0187 1788 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 20:05:17.0296 1788 NtmsSvc - ok 20:05:17.0500 1788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:05:17.0500 1788 Null - ok 20:05:17.0703 1788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:05:17.0718 1788 NwlnkFlt - ok 20:05:17.0921 1788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:05:17.0921 1788 NwlnkFwd - ok 20:05:18.0140 1788 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:05:18.0250 1788 odserv - ok 20:05:18.0328 1788 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:05:18.0375 1788 ose - ok 20:05:18.0609 1788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 20:05:18.0640 1788 Parport - ok 20:05:18.0828 1788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:05:18.0843 1788 PartMgr - ok 20:05:19.0015 1788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 20:05:19.0015 1788 ParVdm - ok 20:05:19.0218 1788 PCI 
(a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 20:05:19.0234 1788 PCI - ok 20:05:19.0406 1788 PCIDump - ok 20:05:19.0593 1788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:05:19.0593 1788 PCIIde - ok 20:05:19.0812 1788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:05:19.0843 1788 Pcmcia - ok 20:05:20.0015 1788 PDCOMP - ok 20:05:20.0203 1788 PDFRAME - ok 20:05:20.0375 1788 PDRELI - ok 20:05:20.0546 1788 PDRFRAME - ok 20:05:20.0734 1788 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 20:05:20.0734 1788 perc2 - ok 20:05:20.0921 1788 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 20:05:20.0921 1788 perc2hib - ok 20:05:21.0187 1788 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE 20:05:21.0250 1788 PEVSystemStart - ok 20:05:22.0140 1788 PID_PEPI (bd8c6c254835ea14ec0242f76009cbc4) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS 20:05:22.0859 1788 PID_PEPI - ok 20:05:23.0093 1788 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 20:05:23.0093 1788 PlugPlay - ok 20:05:23.0265 1788 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:23.0281 1788 PolicyAgent - ok 20:05:23.0500 1788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:05:23.0515 1788 PptpMiniport - ok 20:05:23.0703 1788 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:23.0703 1788 ProtectedStorage - ok 20:05:23.0890 1788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:05:23.0906 1788 PSched - ok 20:05:24.0078 1788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:05:24.0093 1788 Ptilink - ok 20:05:24.0296 1788 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:05:24.0312 1788 PxHelp20 - ok 
20:05:24.0546 1788 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 20:05:24.0546 1788 ql1080 - ok 20:05:24.0734 1788 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 20:05:24.0734 1788 Ql10wnt - ok 20:05:24.0921 1788 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 20:05:24.0937 1788 ql12160 - ok 20:05:25.0125 1788 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 20:05:25.0140 1788 ql1240 - ok 20:05:25.0328 1788 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 20:05:25.0343 1788 ql1280 - ok 20:05:25.0531 1788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:05:25.0531 1788 RasAcd - ok 20:05:25.0750 1788 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 20:05:25.0765 1788 RasAuto - ok 20:05:25.0984 1788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:05:26.0000 1788 Rasl2tp - ok 20:05:26.0203 1788 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 20:05:26.0250 1788 RasMan - ok 20:05:26.0437 1788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:05:26.0437 1788 RasPppoe - ok 20:05:26.0625 1788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:05:26.0625 1788 Raspti - ok 20:05:26.0843 1788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:05:26.0875 1788 Rdbss - ok 20:05:27.0046 1788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:05:27.0062 1788 RDPCDD - ok 20:05:27.0296 1788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:05:27.0343 1788 rdpdr - ok 20:05:27.0593 1788 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 20:05:27.0625 1788 RDPWD - ok 20:05:27.0843 1788 RDSessMgr 
(3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 20:05:27.0875 1788 RDSessMgr - ok 20:05:28.0078 1788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:05:28.0093 1788 redbook - ok 20:05:28.0281 1788 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 20:05:28.0296 1788 RemoteAccess - ok 20:05:28.0500 1788 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 20:05:28.0515 1788 RemoteRegistry - ok 20:05:28.0734 1788 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 20:05:28.0750 1788 RpcLocator - ok 20:05:29.0031 1788 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 20:05:29.0031 1788 RpcSs - ok 20:05:29.0234 1788 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys 20:05:29.0234 1788 RRNetCap - ok 20:05:29.0250 1788 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys 20:05:29.0250 1788 RRNetCapMP - ok 20:05:29.0453 1788 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 20:05:29.0500 1788 RSVP - ok 20:05:29.0671 1788 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:05:29.0671 1788 SamSs - ok 20:05:29.0906 1788 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 20:05:29.0937 1788 SCardSvr - ok 20:05:30.0234 1788 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 20:05:30.0296 1788 Schedule - ok 20:05:30.0546 1788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:05:30.0546 1788 Secdrv - ok 20:05:30.0781 1788 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 20:05:30.0781 1788 seclogon - ok 20:05:31.0000 1788 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 20:05:31.0015 1788 SENS - ok 20:05:31.0187 1788 Serenum (0f29512ccd6bead730039fb4bd2c85ce) 
C:\WINDOWS\system32\DRIVERS\serenum.sys 20:05:31.0203 1788 Serenum - ok 20:05:31.0421 1788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 20:05:31.0437 1788 Serial - ok 20:05:31.0656 1788 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys 20:05:31.0671 1788 SFAUDIO - ok 20:05:31.0875 1788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:05:31.0875 1788 Sfloppy - ok 20:05:32.0156 1788 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 20:05:32.0250 1788 SharedAccess - ok 20:05:32.0468 1788 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 20:05:32.0468 1788 ShellHWDetection - ok 20:05:32.0625 1788 Simbad - ok 20:05:32.0843 1788 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 20:05:32.0843 1788 sisagp - ok 20:05:33.0046 1788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:05:33.0062 1788 SLIP - ok 20:05:33.0250 1788 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys 20:05:33.0250 1788 SmartDefragDriver - ok 20:05:33.0453 1788 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 20:05:33.0468 1788 Sparrow - ok 20:05:33.0671 1788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:05:33.0687 1788 splitter - ok 20:05:33.0890 1788 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 20:05:33.0906 1788 Spooler - ok 20:05:34.0031 1788 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 20:05:34.0093 1788 SQLBrowser - ok 20:05:34.0156 1788 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 20:05:34.0171 1788 SQLWriter - ok 20:05:34.0421 1788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) 
C:\WINDOWS\system32\DRIVERS\sr.sys
20:05:34.0437 1788 sr - ok
20:05:34.0687 1788 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:05:34.0734 1788 srservice - ok
20:05:35.0000 1788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:05:35.0093 1788 Srv - ok
20:05:35.0328 1788 sscebus (29ae754f4e9dcc08dcfd4aef07375d52) C:\WINDOWS\system32\DRIVERS\sscebus.sys
20:05:35.0343 1788 sscebus - ok
20:05:35.0546 1788 sscemdfl (48de57f9c5a7f39ec3ea5cfbf163b811) C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
20:05:35.0546 1788 sscemdfl - ok
20:05:35.0750 1788 sscemdm (600d634c721e57e4b89d3dfdd381cdb7) C:\WINDOWS\system32\DRIVERS\sscemdm.sys
20:05:35.0781 1788 sscemdm - ok
20:05:35.0968 1788 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:05:36.0000 1788 SSDPSRV - ok
20:05:36.0250 1788 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:05:36.0328 1788 stisvc - ok
20:05:36.0500 1788 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
20:05:36.0515 1788 stllssvr - ok
20:05:36.0734 1788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:05:36.0734 1788 streamip - ok
20:05:36.0953 1788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:05:36.0953 1788 swenum - ok
20:05:37.0171 1788 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:05:37.0296 1788 SwitchBoard - ok
20:05:37.0546 1788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:05:37.0562 1788 swmidi - ok
20:05:37.0718 1788 SwPrv - ok
20:05:37.0921 1788 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:05:37.0921 1788 symc810 - ok
20:05:38.0140 1788 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:05:38.0140 1788 symc8xx - ok
20:05:38.0328 1788 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:05:38.0328 1788 sym_hi - ok
20:05:38.0531 1788 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:05:38.0531 1788 sym_u3 - ok
20:05:38.0765 1788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:05:38.0781 1788 sysaudio - ok
20:05:39.0000 1788 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:05:39.0015 1788 SysmonLog - ok
20:05:39.0265 1788 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:05:39.0312 1788 TapiSrv - ok
20:05:39.0515 1788 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
20:05:39.0531 1788 tbhsd - ok
20:05:39.0812 1788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:05:39.0906 1788 Tcpip - ok
20:05:40.0109 1788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:05:40.0125 1788 TDPIPE - ok
20:05:40.0312 1788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:05:40.0312 1788 TDTCP - ok
20:05:40.0531 1788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:05:40.0531 1788 TermDD - ok
20:05:40.0812 1788 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:05:40.0890 1788 TermService - ok
20:05:41.0109 1788 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:05:41.0109 1788 Themes - ok
20:05:41.0296 1788 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:05:41.0312 1788 TlntSvr - ok
20:05:41.0484 1788 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:05:41.0484 1788 TosIde - ok
20:05:41.0703 1788 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:05:41.0718 1788 TrkWks - ok
20:05:41.0921 1788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:05:41.0937 1788 Udfs - ok
20:05:42.0062 1788 UleadBurningHelper (810883e6225c0037f2553d964fc866e3) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:05:42.0093 1788 UleadBurningHelper - ok
20:05:42.0281 1788 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:05:42.0296 1788 ultra - ok
20:05:42.0671 1788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:05:42.0812 1788 Update - ok
20:05:43.0078 1788 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:05:43.0125 1788 upnphost - ok
20:05:43.0312 1788 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:05:43.0312 1788 UPS - ok
20:05:43.0531 1788 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:05:43.0546 1788 USBAAPL - ok
20:05:43.0765 1788 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:05:43.0781 1788 usbaudio - ok
20:05:43.0984 1788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:05:43.0984 1788 usbccgp - ok
20:05:44.0203 1788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:05:44.0203 1788 usbehci - ok
20:05:44.0437 1788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:05:44.0453 1788 usbhub - ok
20:05:44.0671 1788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:05:44.0671 1788 usbscan - ok
20:05:44.0890 1788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:05:44.0890 1788 USBSTOR - ok
20:05:45.0078 1788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:05:45.0078 1788 usbuhci - ok
20:05:45.0328 1788 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:05:45.0359 1788 usbvideo - ok
20:05:45.0578 1788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:05:45.0578 1788 VgaSave - ok
20:05:45.0781 1788 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:05:45.0796 1788 viaagp - ok
20:05:45.0984 1788 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:05:45.0984 1788 ViaIde - ok
20:05:46.0171 1788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:05:46.0187 1788 VolSnap - ok
20:05:46.0437 1788 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:05:46.0515 1788 VSS - ok
20:05:46.0734 1788 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:05:46.0781 1788 w32time - ok
20:05:46.0984 1788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:05:47.0000 1788 Wanarp - ok
20:05:47.0156 1788 WDICA - ok
20:05:47.0421 1788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:05:47.0437 1788 wdmaud - ok
20:05:47.0625 1788 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:05:47.0640 1788 WebClient - ok
20:05:47.0921 1788 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:05:47.0953 1788 winmgmt - ok
20:05:48.0406 1788 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
20:05:48.0718 1788 WinRM - ok
20:05:48.0953 1788 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
20:05:48.0968 1788 WmdmPmSN - ok
20:05:49.0296 1788 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:05:49.0437 1788 Wmi - ok
20:05:49.0656 1788 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:05:49.0687 1788 WmiApSrv - ok
20:05:49.0921 1788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:05:49.0937 1788 WS2IFSL - ok
20:05:50.0171 1788 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:05:50.0187 1788 wscsvc - ok
20:05:50.0343 1788 WSearch - ok
20:05:50.0546 1788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:05:50.0562 1788 WSTCODEC - ok
20:05:50.0750 1788 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:05:50.0750 1788 wuauserv - ok
20:05:51.0046 1788 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:05:51.0171 1788 WZCSVC - ok
20:05:51.0375 1788 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:05:51.0421 1788 xmlprov - ok
20:05:51.0468 1788 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:05:51.0500 1788 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:05:51.0500 1788 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:05:51.0515 1788 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR6
20:05:51.0515 1788 \Device\Harddisk1\DR6 - ok
20:05:51.0562 1788 Boot (0x1200) (7019eb4ed7475397299dcfc0ef612fee) \Device\Harddisk0\DR0\Partition0
20:05:51.0562 1788 \Device\Harddisk0\DR0\Partition0 - ok
20:05:51.0578 1788 Boot (0x1200) (ea94d10371f902e50906ebd662495cb5) \Device\Harddisk1\DR6\Partition0
20:05:51.0578 1788 \Device\Harddisk1\DR6\Partition0 - ok
20:05:51.0593 1788 ============================================================
20:05:51.0593 1788 Scan finished
20:05:51.0593 1788 ============================================================
20:05:51.0609 1780 Detected object count: 1
20:05:51.0609 1780 Actual detected object count: 1
20:06:35.0796 1780 \Device\Harddisk0\DR0\# - copied to quarantine
20:06:35.0796 1780 \Device\Harddisk0\DR0 - copied to quarantine
20:06:35.0875 1780 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:06:35.0875 1780 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
20:06:35.0875 1780 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:06:35.0890 1780 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
20:06:35.0906 1780 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
20:06:35.0906 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:06:35.0906 1780 \Device\Harddisk0\DR0 - ok
20:06:36.0171 1780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:06:52.0390 1752 Deinitialize success