
Possible Rootkit Infection


  • This topic is locked
14 replies to this topic

#1 GreenKnight1029

GreenKnight1029

  • Members
  • 6 posts

Posted 24 September 2011 - 07:01 PM

Recently, my computer has been taking at least 30 minutes to start up. Also, it is very unstable, constantly crashing, and very slow. Avast Anti-virus picks up the following: MBR:\\.\PHYSICALDRIVEO and Rootkit:hiddenboost sector, but cannot remove it. Additionally, AVG Rootkit Scan picks up the following: tcpip.sys, hooked import and IRP hook, \Drive\ Disk IRP_MJ_ Read (write, and device)

DDS.TXT is as follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Sergio at 20:08:05 on 2011-09-22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.49 [GMT -6:00]
.
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security 2006 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {FB37ED4E-3480-4D33-9C7E-AF76D021CBCE}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Internet Security 2006 *Disabled*
FW: AVG Firewall *Enabled*
FW: Trend Micro Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\TEMP\YM623F.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit1.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{12ECD71D-0D1C-484F-97AC-3663784424C6} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sergio\application data\mozilla\firefox\profiles\o3bxvhpl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - component: c:\documents and settings\sergio\application data\mozilla\firefox\profiles\o3bxvhpl.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\sergio\application data\mozilla\firefox\profiles\o3bxvhpl.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Download Youtube Videos +: {D8A08B86-9656-4d3c-8318-C7AA04000985} - %profile%\extensions\{D8A08B86-9656-4d3c-8318-C7AA04000985}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-31 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-31 320856]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-31 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-31 44768]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-4-18 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-4-18 36432]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-5-2 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-8-29 22216]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-6-3 340496]
S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\norton internet security\norton antivirus\savrtpel.sys --> c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [?]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S2 ccProxy;Symantec Network Proxy;"c:\program files\common files\symantec shared\ccproxy.exe" --> c:\program files\common files\symantec shared\ccProxy.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-6-3 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-6-3 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-6-3 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-6-3 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-6-3 115216]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-6-3 160400]
S3 SAVRT;SAVRT;\??\c:\program files\norton internet security\norton antivirus\savrt.sys --> c:\program files\norton internet security\norton antivirus\SAVRT.SYS [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 136176]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-18 02:57:30 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-15 21:54:00 -------- dc----w- c:\documents and settings\sergio\application data\Uniblue
2011-09-15 21:49:01 -------- dc-h--w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-15 21:48:58 -------- dc----w- c:\program files\Uniblue
2011-09-15 21:47:57 -------- dc----w- c:\documents and settings\sergio\local settings\application data\PackageAware
2011-09-15 19:03:21 -------- dc-h--w- C:\$AVG
2011-09-15 17:19:10 -------- dc----w- c:\documents and settings\sergio\application data\AVG2012
2011-09-15 17:10:33 -------- dc----w- c:\windows\system32\drivers\AVG
2011-09-15 17:10:33 -------- dc----w- c:\documents and settings\all users\application data\AVG2012
2011-09-15 17:05:28 -------- dc----w- c:\program files\AVG
2011-09-15 16:45:49 -------- dc-h--w- c:\documents and settings\all users\application data\Common Files
2011-09-15 16:44:10 -------- dc----w- c:\documents and settings\all users\application data\MFAData
2011-09-15 02:13:24 -------- dc----w- c:\documents and settings\sergio\application data\WinPatrol
2011-09-15 02:12:31 -------- dc----w- c:\program files\BillP Studios
2011-09-15 02:12:30 -------- dc----w- c:\documents and settings\all users\application data\InstallMate
2011-09-15 02:07:30 388096 -c--a-r- c:\documents and settings\sergio\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-15 01:13:34 -------- dc----w- C:\48bb4b89ad54a19baa
2011-09-14 23:41:48 -------- dc----w- c:\program files\iPod
2011-09-14 23:08:09 -------- dc----w- c:\program files\Bonjour
2011-09-14 04:35:11 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-14 00:51:29 -------- dc----w- c:\program files\Spybot - Search & Destroy
2011-09-14 00:51:29 -------- dc----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2011-09-06 20:45:29 41184 -c--a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-31 23:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-07-12 17:20:54 83816 -c--a-w- c:\windows\system32\dns-sd.exe
2011-07-12 17:20:54 73064 -c--a-w- c:\windows\system32\dnssd.dll
2011-07-12 17:20:54 178536 -c--a-w- c:\windows\system32\dnssdX.dll
2011-07-11 07:14:38 295248 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 07:14:30 16720 -c--a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 07:14:28 24272 -c--a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 07:14:28 23120 -c--a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 07:14:26 134608 -c--a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 07:13:46 229840 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 07:13:42 32464 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-06 00:37:00 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 00:37:00 69632 -c--a-w- c:\windows\system32\QuickTime.qts
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x82728A0A]<<
_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; MOV ECX, [EAX+0xc]; OR ECX, [EAX+0x10]; PUSH ESI; JNZ 0x94; MOV ESI, 0x200; CMP [EAX+0x4], ESI; JB 0x94; }
1 ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\Harddisk0\DR0[0x82D87AB8]
\Driver\Disk[0x82DA5030] -> IRP_MJ_READ -> 0x82728A0A
kernel: MBR read successfully
_asm { NOP ; XOR AX, AX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; NOP ; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x626; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 20:10:57.81 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 25 September 2011 - 05:50 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 GreenKnight1029

GreenKnight1029
  • Topic Starter

  • Members
  • 6 posts

Posted 26 September 2011 - 09:35 PM

Hello Gringo...thank you very much for your assistance. I truly appreciate it.

I had to run combofix twice: yesterday and today. Yesterday, I had no problem running combofix and the scan was completed. However, today, when I was going to post the log, I realized that I did not properly save it. Thus, I had to run another scan today. Today, my security software (AVG Free Trial) kept on alerting me about combofix so I uninstalled AVG in order to run combofix. My computer is still running slower and being less responsive than before the rootkit alerts. Below is the combofix log:

ComboFix 11-09-26.02 - Sergio 09/26/2011 19:13:31.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.148 [GMT -6:00]
Running from: c:\documents and settings\Sergio\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security 2006 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-25 06:38 . 2011-09-25 06:38 -------- dc----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-25 05:27 . 2011-09-25 05:27 -------- dc----w- c:\documents and settings\Sergio\log
2011-09-18 02:57 . 2011-09-18 02:57 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-15 21:48 . 2011-09-15 21:48 -------- dc----w- c:\program files\Uniblue
2011-09-15 21:47 . 2011-09-15 21:47 -------- dc----w- c:\documents and settings\Sergio\Local Settings\Application Data\PackageAware
2011-09-15 19:03 . 2011-09-15 19:03 -------- dc----w- C:\$AVG
2011-09-15 17:19 . 2011-09-15 17:19 -------- dc----w- c:\documents and settings\Sergio\Application Data\AVG2012
2011-09-15 17:10 . 2011-09-26 23:20 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-15 17:10 . 2011-09-26 10:50 -------- dc----w- c:\windows\system32\drivers\AVG
2011-09-15 17:05 . 2011-09-15 17:05 -------- dc----w- c:\program files\AVG
2011-09-15 16:45 . 2011-09-15 16:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-15 16:44 . 2011-09-26 23:20 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData
2011-09-15 02:13 . 2011-09-15 02:13 -------- dc----w- c:\documents and settings\Sergio\Application Data\WinPatrol
2011-09-15 02:12 . 2011-09-15 02:12 -------- dc----w- c:\program files\BillP Studios
2011-09-15 02:12 . 2011-09-25 06:40 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-09-15 02:07 . 2011-09-15 02:07 388096 -c--a-r- c:\documents and settings\Sergio\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-15 01:13 . 2011-09-15 01:13 -------- dc----w- C:\48bb4b89ad54a19baa
2011-09-14 23:41 . 2011-09-14 23:41 -------- dc----w- c:\program files\iPod
2011-09-14 23:08 . 2011-09-14 23:08 -------- dc----w- c:\program files\Bonjour
2011-09-14 00:51 . 2011-09-15 06:14 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-09-14 00:51 . 2011-09-14 00:56 -------- dc----w- c:\program files\Spybot - Search & Destroy
2011-09-10 01:52 . 2011-09-14 15:06 -------- dc----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Conduit
2011-09-10 01:52 . 2011-09-15 07:09 -------- dc----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\BitTorrentBar
2011-09-09 23:28 . 2011-09-09 23:28 -------- dcsh--w- c:\windows\system32\config\systemprofile\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:45 . 2011-03-31 20:22 41184 -c--a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-03-31 20:22 199304 -c--a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-03-31 20:23 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-03-31 20:23 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-03-31 20:23 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-03-31 20:23 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-03-31 20:23 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-03-31 20:23 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-03-31 20:23 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-03-31 20:23 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-31 23:00 . 2008-08-30 04:41 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-07-12 17:20 . 2011-07-12 17:20 83816 -c--a-w- c:\windows\system32\dns-sd.exe
2011-07-12 17:20 . 2011-07-12 17:20 73064 -c--a-w- c:\windows\system32\dnssd.dll
2011-07-12 17:20 . 2011-07-12 17:20 178536 -c--a-w- c:\windows\system32\dnssdX.dll
2011-07-06 00:37 . 2011-07-06 00:37 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 00:37 . 2011-07-06 00:37 69632 -c--a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-26_07.12.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-26 22:19 . 2011-09-26 22:19 16384 c:\windows\Temp\Perflib_Perfdata_644.dat
+ 2011-09-26 22:22 . 2011-09-27 01:26 72192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{00AD3ED0-E88E-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:57 . 2011-09-26 23:10 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EB952CEA-E892-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:11 . 2011-09-26 23:13 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E9A3E0F1-E894-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:47 . 2011-09-26 22:52 20992 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{825E8790-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:36 . 2011-09-26 23:48 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5C7F27A9-E898-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:54 . 2011-09-27 00:58 25088 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4DD98D32-E8A3-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:49 . 2011-09-26 23:52 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2ADA0EFB-E89A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:31 . 2011-09-27 00:38 61440 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0CF0A9E8-E8A0-11E0-9659-0014A52CF965}.dat
- 2011-09-10 04:48 . 2011-09-14 16:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-09-10 04:48 . 2011-09-26 23:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
- 2009-09-03 21:51 . 2011-09-15 12:05 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-09-03 21:51 . 2011-09-27 00:25 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-09-26 22:19 . 2011-09-27 01:25 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-09-27 01:21 . 2011-09-27 01:21 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FF5417D3-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:21 . 2011-09-27 01:21 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FF5417D2-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:59 . 2011-09-27 00:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FB6E019E-E8A3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:14 . 2011-09-27 01:14 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FA9ACFD4-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:31 . 2011-09-27 00:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F6B59CBB-E89F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:30 . 2011-09-27 00:30 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F6B59CBA-E89F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:21 . 2011-09-27 01:21 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F54C5332-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:21 . 2011-09-27 01:21 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F54C5331-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:21 . 2011-09-27 01:21 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F54C5330-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:59 . 2011-09-27 00:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EEB53563-E8A3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:59 . 2011-09-27 00:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EEB53562-E8A3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:20 . 2011-09-27 01:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EDDDBEA5-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:20 . 2011-09-27 01:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EDDDBEA4-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:13 . 2011-09-27 01:13 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ECD23785-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:13 . 2011-09-27 01:13 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ECD23784-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:09 . 2011-09-27 00:09 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EC9BA862-E89C-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:11 . 2011-09-26 23:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E9A3E0F0-E894-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:20 . 2011-09-27 01:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E62ECA9B-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:20 . 2011-09-27 01:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E62ECA9A-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:59 . 2011-09-27 00:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E3FF6517-E8A3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:59 . 2011-09-27 00:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E3FF6516-E8A3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:13 . 2011-09-27 01:13 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E320478B-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:13 . 2011-09-27 01:13 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E320478A-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:23 . 2011-09-27 00:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DFA37C28-E89E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:20 . 2011-09-27 01:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DC1190CF-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:20 . 2011-09-27 01:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DC1190CE-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:15 . 2011-09-27 00:17 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D821550D-E89D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:15 . 2011-09-27 00:15 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D821550C-E89D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:13 . 2011-09-27 01:13 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D72D5E7C-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:35 . 2011-09-26 22:39 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D6DADD70-E88F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:20 . 2011-09-27 01:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D2DDFD77-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:20 . 2011-09-27 01:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D2DDFD76-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:51 . 2011-09-27 00:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D0406C06-E8A2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:12 . 2011-09-27 01:12 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CE8675E3-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:12 . 2011-09-27 01:12 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CE8675E2-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:54 . 2011-09-26 23:54 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CD78539C-E89A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:19 . 2011-09-27 01:19 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CAD934C6-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:19 . 2011-09-27 01:19 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CAD934C5-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:19 . 2011-09-27 01:19 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CAD934C4-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:01 . 2011-09-27 00:04 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C97C64E4-E89B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:12 . 2011-09-27 01:12 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C6925DA7-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:12 . 2011-09-27 01:12 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C6925DA6-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:32 . 2011-09-26 23:35 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C2C10410-E897-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:19 . 2011-09-27 01:19 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BF4F332F-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:19 . 2011-09-27 01:19 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BF4F332E-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:12 . 2011-09-27 01:12 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BCBF0CC1-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:12 . 2011-09-27 01:12 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BCBF0CC0-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:26 . 2011-09-27 01:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B6C7C8E7-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:26 . 2011-09-27 01:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B6C7C8E6-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:19 . 2011-09-27 01:19 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B4628CCD-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:19 . 2011-09-27 01:19 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B4628CCC-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:11 . 2011-09-27 01:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AC21A991-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:11 . 2011-09-27 01:11 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AC21A990-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:19 . 2011-09-27 01:19 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AA5865D1-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:18 . 2011-09-27 01:18 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AA5865D0-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:25 . 2011-09-27 01:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A258E192-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:11 . 2011-09-27 01:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A1F88403-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:11 . 2011-09-27 01:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A1F88402-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:18 . 2011-09-27 01:18 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A0792928-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:11 . 2011-09-27 01:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{994A745B-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:11 . 2011-09-27 01:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{994A745A-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:49 . 2011-09-27 00:51 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{98E4D256-E8A2-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:52 . 2011-09-26 23:52 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9741FB2B-E89A-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:52 . 2011-09-26 23:59 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9741FB2A-E89A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:18 . 2011-09-27 01:18 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9544FC3A-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:42 . 2011-09-27 00:44 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{943513C0-E8A1-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:49 . 2011-09-27 00:49 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{91A84F2C-E8A2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:11 . 2011-09-27 01:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90822AD5-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:11 . 2011-09-27 01:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90822AD4-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:03 . 2011-09-27 01:06 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8E02B4DC-E8A4-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:42 . 2011-09-27 00:42 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8CA51E48-E8A1-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:16 . 2011-09-26 23:19 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8C612425-E895-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:16 . 2011-09-26 23:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8C612424-E895-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:10 . 2011-09-27 01:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8951936C-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:18 . 2011-09-27 01:18 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{889A7E1B-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:17 . 2011-09-27 01:17 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{889A7E1A-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:49 . 2011-09-27 00:49 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{878650AD-E8A2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:49 . 2011-09-27 00:49 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{878650AC-E8A2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:03 . 2011-09-27 01:03 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8581F1E2-E8A4-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:20 . 2011-09-27 00:25 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{84F248A4-E89E-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:40 . 2011-09-26 22:44 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{82927B8C-E890-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:17 . 2011-09-27 01:17 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{82833C2F-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:17 . 2011-09-27 01:17 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{82833C2E-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:23 . 2011-09-26 23:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7FF9E79C-E896-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:24 . 2011-09-27 01:24 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7C08573E-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:03 . 2011-09-27 01:03 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7BFD4E96-E8A4-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:10 . 2011-09-27 01:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7BE1321E-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:47 . 2011-09-26 22:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B9DFEB0-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:47 . 2011-09-26 22:47 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B9DFEAF-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:47 . 2011-09-26 22:47 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B9DFEAE-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:40 . 2011-09-26 22:40 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{792A7479-E890-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:40 . 2011-09-26 22:40 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{792A7478-E890-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:17 . 2011-09-27 01:17 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{78CA2526-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:30 . 2011-09-26 23:32 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{762BDB2B-E897-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:30 . 2011-09-26 23:30 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{762BDB2A-E897-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:47 . 2011-09-26 22:47 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{74F54D51-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:47 . 2011-09-26 22:47 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{74F54D50-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:24 . 2011-09-27 01:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{716CC0D1-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:24 . 2011-09-27 01:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{716CC0D0-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:17 . 2011-09-27 01:17 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6E99D88A-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:47 . 2011-09-26 22:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6E3BEB7D-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:46 . 2011-09-26 22:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6E3BEB7C-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:05 . 2011-09-27 00:07 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6A049AC7-E89C-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:05 . 2011-09-27 00:05 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6A049AC6-E89C-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:24 . 2011-09-27 01:24 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{679BD246-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:24 . 2011-09-27 01:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{679BD245-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:24 . 2011-09-27 01:24 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{679BD244-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:46 . 2011-09-26 22:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{677B629B-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:46 . 2011-09-26 22:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{677B629A-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:22 . 2011-09-26 23:28 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{659C4658-E896-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:22 . 2011-09-26 23:22 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{659C4657-E896-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:22 . 2011-09-26 23:22 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{659C4656-E896-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:09 . 2011-09-27 01:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{64E2A41D-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:09 . 2011-09-27 01:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{64E2A41C-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:48 . 2011-09-27 00:48 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{64D9FDCE-E8A2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:16 . 2011-09-27 01:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{61ECF810-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:24 . 2011-09-27 01:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{60F58341-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:24 . 2011-09-27 01:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{60F58340-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:46 . 2011-09-26 22:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5D67B237-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:46 . 2011-09-26 22:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5D67B236-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:36 . 2011-09-26 23:36 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5C7F27A8-E898-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:09 . 2011-09-27 01:09 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5BB1731F-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:09 . 2011-09-27 01:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5BB1731E-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{572494B5-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{572494B4-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:16 . 2011-09-27 01:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{54815B76-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:46 . 2011-09-26 22:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{531F8E17-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:46 . 2011-09-26 22:46 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{531F8E16-E891-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 22:53 . 2011-09-26 22:53 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{524BDC8C-E892-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4FFFE90F-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4FFFE90E-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:09 . 2011-09-27 01:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4FD19CE1-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:09 . 2011-09-27 01:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4FD19CE0-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:02 . 2011-09-27 01:02 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4E09BBFB-E8A4-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:02 . 2011-09-27 01:02 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4E09BBFA-E8A4-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:09 . 2011-09-27 01:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{47B4FCAB-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:09 . 2011-09-27 01:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{47B4FCAA-E8A5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{47222A60-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{47222A5F-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{47222A5E-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:16 . 2011-09-27 01:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{44186C03-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:16 . 2011-09-27 01:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{44186C02-E8A6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{401C7D4B-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{401C7D4A-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-26 23:28 . 2011-09-26 23:30 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3FB2C0E0-E897-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:18 . 2011-09-27 00:18 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3CB8EC47-E89E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:18 . 2011-09-27 00:18 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3CB8EC46-E89E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 00:54 . 2011-09-27 00:54 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3BCA9D84-E8A3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:23 . 2011-09-27 01:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{38F56F4B-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 01:22 . 2011-09-27 01:22 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{38F56F4A-E8A7-11E0-9659-0014A52CF965}.dat
+ 2011-09-09 23:28 . 2011-09-27 00:54 983040 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2006-01-10 13:43 . 2011-09-27 01:25 163840 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-27 00:25 . 2011-09-27 00:29 104960 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{260BEDF8-E89F-11E0-9659-0014A52CF965}.dat
- 2011-03-03 00:33 . 2011-09-15 06:37 7700480 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-03 00:33 . 2011-09-27 01:25 7700480 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-26 01:03 . 2010-04-21 01:32 14194624 c:\windows\SoftwareDistribution\Download\Install\NDP1.1sp1-KB979906-X86.exe
+ 2011-09-27 01:11 . 2011-09-27 01:11 17456640 c:\windows\Installer\a12637.msp
+ 2011-09-26 13:18 . 2011-09-26 13:18 17456640 c:\windows\Installer\3c9a233.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBit1.dll" [2011-03-10 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-10 21:46 3911776 -c--a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-10 21:46 3911776 -c--a-w- c:\program files\BitTorrentBar\tbBit1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBit1.dll" [2011-03-10 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-03-10 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBit1.dll" [2011-03-10 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-10 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-08-24 397312]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 149280]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-08 2401120]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFEQ04tVFFMVFktQUJBQk8tQVNNVDctSkNLRlctTA&inst=NzYtOTIyNzU3NjU5LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=94&ver=2012.0.1809&mid=7ee8af08d1c847d1b5fdd15de3c81096-68b11d9d0276f02b5b6ed447f2f1883d53ddb191" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Sergio\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/31/2011 2:23 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2011 2:23 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2011 2:23 PM 20568]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [8/19/2011 6:24 AM 2399560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/29/2008 10:41 PM 366152]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/2/2005 6:33 PM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/29/2008 10:41 PM 22216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/1/2011 6:16 AM 5265248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [6/3/2010 7:41 PM 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [6/3/2010 7:41 PM 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [6/3/2010 7:41 PM 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [6/3/2010 7:41 PM 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [6/3/2010 7:41 PM 115216]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [6/3/2010 7:41 PM 160400]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2011 9:08 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2011 9:08 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2011-09-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-06-10 14:25]
.
2011-09-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-25 22:33]
.
2010-02-07 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-05-14 10:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Sergio\Application Data\Mozilla\Firefox\Profiles\o3bxvhpl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 19:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
c:\program files\Internet Explorer\iexplore.exe [2756] 0x8213E930
c:\program files\Internet Explorer\iexplore.exe [2860] 0x8212FBB0
c:\program files\Internet Explorer\iexplore.exe [3384] 0x8214A248
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?8?7?6??p???? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,e2,fd,ff,c3,73,f2,48,80,b6,ac,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,e2,fd,ff,c3,73,f2,48,80,b6,ac,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3984)
c:\windows\system32\WININET.dll
c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-26 20:06:57
ComboFix-quarantined-files.txt 2011-09-27 02:06
ComboFix2.txt 2011-09-26 07:28
.
Pre-Run: 32,269,627,392 bytes free
Post-Run: 32,854,970,368 bytes free
.
- - End Of File - - BE67268E5535AF79ED912C0587202937

#4 gringo_pr

  • Malware Response Team

Posted 27 September 2011 - 08:54 AM

Greetings GreenKnight1029



:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: avast! Antivirus

AV: Norton Internet Security 2006

AV: Trend Micro OfficeScan Antivirus


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 GreenKnight1029

  • Topic Starter

Posted 27 September 2011 - 05:01 PM

Hello Gringo.

You're absolutely right. I'm using too many anti-virus utilities. When I initially got this computer infection, I downloaded many utilities hoping one would fix the issue. And some I thought I had already removed a while back. I will be removing them again.

TDSSKiller did find one infected file. I selected cure and the computer rebooted. The log is below:

Windows directory: C:\WINDOWS
12:02:34.0890 2504 System windows directory: C:\WINDOWS
12:02:36.0796 2504 Processor architecture: Intel x86
12:02:36.0796 2504 Number of processors: 1
12:02:36.0796 2504 Page size: 0x1000
12:02:36.0796 2504 Boot type: Normal boot
12:02:36.0796 2504 ============================================================
12:03:00.0593 2504 Initialize success
12:03:24.0828 3972 ============================================================
12:03:24.0828 3972 Scan started
12:03:24.0828 3972 Mode: Manual;
12:03:24.0828 3972 ============================================================
12:03:27.0078 3972 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:03:27.0265 3972 Aavmker4 - ok
12:03:28.0281 3972 Abiosdsk - ok
12:03:29.0000 3972 abp480n5 - ok
12:03:30.0046 3972 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:03:30.0218 3972 ACPI - ok
12:03:31.0046 3972 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:03:31.0062 3972 ACPIEC - ok
12:03:32.0015 3972 adpu160m - ok
12:03:33.0093 3972 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
12:03:33.0203 3972 aec - ok
12:03:34.0328 3972 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
12:03:34.0453 3972 AFD - ok
12:03:35.0218 3972 Aha154x - ok
12:03:36.0281 3972 aic78u2 - ok
12:08:28.0875 3972 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
12:08:29.0125 3972 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - infected
12:08:29.0125 3972 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
12:08:29.0265 3972 Boot (0x1200) (dbb964c5d5892ab5ea726e8bb5f162f4) \Device\Harddisk0\DR0\Partition0
12:08:29.0296 3972 \Device\Harddisk0\DR0\Partition0 - ok
12:08:29.0312 3972 ============================================================
12:08:29.0312 3972 Scan finished
12:08:29.0312 3972 ============================================================
12:08:29.0343 0472 Detected object count: 1
12:08:29.0343 0472 Actual detected object count: 1
12:09:06.0687 0472 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - will be cured on reboot
12:09:06.0703 0472 \Device\Harddisk0\DR0 - ok
12:09:06.0703 0472 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - User select action: Cure
12:09:31.0234 0356 Deinitialize success

#6 gringo_pr

  • Malware Response Team

Posted 27 September 2011 - 07:02 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\windows\system32\config\systemprofile\Local Settings\Application Data\Conduit
c:\windows\system32\config\systemprofile\Local Settings\Application Data\BitTorrentBar

DDS::
uInternet Settings,ProxyOverride = <local>;*.local


Firefox::
FF - ProfilePath - c:\documents and settings\Sergio\Application Data\Mozilla\Firefox\Profiles\o3bxvhpl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 GreenKnight1029

  • Topic Starter

Posted 28 September 2011 - 12:27 AM

Hello Gringo, Thank you for your continued assistance.

I dropped the CFScript into Combofix and ran the scan. I attempted many times to copy and paste the log into this box, but kept getting a message that my post was too long. So, I attached the log to this post instead. A partial log is below (and the full log is attached):
+ 2011-09-27 11:55 . 2011-09-27 11:55 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A45353C7-E8FF-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:55 . 2011-09-27 11:55 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A45353C6-E8FF-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:30 . 2011-09-27 15:32 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A3D5A188-E91D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:08 . 2011-09-27 18:09 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A3C8C485-E933-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:08 . 2011-09-27 18:08 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A3C8C484-E933-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:53 . 2011-09-27 17:55 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A338B7EC-E931-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:01 . 2011-09-27 15:02 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A228DD9A-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:25 . 2011-09-27 17:25 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A16830B8-E92D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:10 . 2011-09-27 17:12 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A145D04D-E92B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:10 . 2011-09-27 17:10 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A145D04C-E92B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:43 . 2011-09-27 05:43 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A0D7EB28-E8CB-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:56 . 2011-09-27 17:01 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A0A5133F-E929-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:56 . 2011-09-27 16:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A0A5133E-E929-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:40 . 2011-09-27 14:40 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9F41E304-E916-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:03 . 2011-09-27 09:03 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9E563D7B-E8E7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:03 . 2011-09-27 09:03 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9E563D7A-E8E7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 06:40 . 2011-09-27 06:42 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9E4056B9-E8D3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 06:40 . 2011-09-27 06:40 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9E4056B8-E8D3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 07:37 . 2011-09-27 07:38 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9E0192E0-E8DB-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 06:54 . 2011-09-27 06:55 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9D175046-E8D5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:00 . 2011-09-27 05:01 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9C8E954A-E8C5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:30 . 2011-09-27 15:30 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9C054C94-E91D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:30 . 2011-09-27 15:30 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9C054C93-E91D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:30 . 2011-09-27 15:30 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9C054C92-E91D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:29 . 2011-09-27 10:35 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9BB4BC49-E8F3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:29 . 2011-09-27 10:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9BB4BC48-E8F3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:01 . 2011-09-27 15:01 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9AF3817F-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:01 . 2011-09-27 15:01 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9AF3817E-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:10 . 2011-09-27 17:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99D014B3-E92B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:10 . 2011-09-27 17:10 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99D014B2-E92B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:00 . 2011-09-27 18:02 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99C2E27C-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:39 . 2011-09-27 09:40 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99A97D64-E8EC-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:24 . 2011-09-27 17:24 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9959DE9E-E92D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:21 . 2011-09-27 13:21 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99205F25-E90B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:21 . 2011-09-27 13:21 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99205F24-E90B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:07 . 2011-09-27 18:07 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{98ECCE99-E933-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:07 . 2011-09-27 18:07 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{98ECCE98-E933-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 04:38 . 2011-09-27 04:38 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{98576F22-E8C2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:41 . 2011-09-27 11:42 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{973C8C55-E8FD-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:41 . 2011-09-27 11:41 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{973C8C54-E8FD-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:09 . 2011-09-27 12:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{96F96722-E901-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:57 . 2011-09-27 05:57 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{96EB5FE5-E8CD-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:57 . 2011-09-27 05:57 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{96EB5FE4-E8CD-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:31 . 2011-09-27 17:33 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{953C8EFA-E92E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:18 . 2011-09-27 14:20 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{95317814-E913-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:56 . 2011-09-27 08:58 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{94636E42-E8E6-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 02:51 . 2011-09-27 02:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{938417D6-E8B3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 02:51 . 2011-09-27 02:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{938417D5-E8B3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 02:51 . 2011-09-27 02:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{938417D4-E8B3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:24 . 2011-09-27 17:24 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{934E8874-E92D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 03:27 . 2011-09-27 03:27 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{933A4B54-E8B8-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:29 . 2011-09-27 10:29 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{932348D9-E8F3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:29 . 2011-09-27 10:29 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{932348D8-E8F3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:34 . 2011-09-27 16:35 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{92878960-E926-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:10 . 2011-09-27 17:10 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{927BBA05-E92B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:10 . 2011-09-27 17:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{927BBA04-E92B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 07:30 . 2011-09-27 07:31 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90D11151-E8DA-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 07:30 . 2011-09-27 07:30 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90D11150-E8DA-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:00 . 2011-09-27 18:00 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90882817-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:00 . 2011-09-27 18:00 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90882816-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 07:58 . 2011-09-27 07:58 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8DF4BC08-E8DE-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:31 . 2011-09-27 17:31 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D8D9AF1-E92E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:31 . 2011-09-27 17:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D8D9AF0-E92E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:41 . 2011-09-27 16:43 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D1A0E2B-E927-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:41 . 2011-09-27 16:41 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D1A0E2A-E927-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:33 . 2011-09-27 11:35 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D1084AD-E8FC-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:33 . 2011-09-27 11:33 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D1084AC-E8FC-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:44 . 2011-09-27 15:46 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8CA39F4B-E91F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:44 . 2011-09-27 15:44 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8CA39F4A-E91F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:27 . 2011-09-27 08:27 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8B291736-E8E2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:07 . 2011-09-27 18:07 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8AFE10A8-E933-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:17 . 2011-09-27 09:20 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8A5601D3-E8E9-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:17 . 2011-09-27 09:17 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8A5601D2-E8E9-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:50 . 2011-09-27 05:52 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8932F84A-E8CC-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:18 . 2011-09-27 14:18 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{89245529-E913-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:18 . 2011-09-27 14:18 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{89245528-E913-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:30 . 2011-09-27 12:32 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8848A79E-E904-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:31 . 2011-09-27 09:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{87DF3228-E8EB-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:19 . 2011-09-27 11:19 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{87101AC4-E8FA-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:00 . 2011-09-27 18:00 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{868EB192-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:00 . 2011-09-27 18:00 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{868EB191-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:00 . 2011-09-27 18:00 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{868EB190-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:28 . 2011-09-27 05:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{85F3C6B2-E8C9-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:33 . 2011-09-27 11:33 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{85F09DBB-E8FC-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:33 . 2011-09-27 11:33 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{85F09DBA-E8FC-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 04:31 . 2011-09-27 04:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{85CE67C6-E8C1-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:44 . 2011-09-27 15:44 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8577CC97-E91F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:44 . 2011-09-27 15:44 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8577CC96-E91F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:41 . 2011-09-27 16:41 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8568B7C7-E927-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:41 . 2011-09-27 16:41 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8568B7C6-E927-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:03 . 2011-09-27 14:03 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{85058644-E911-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:59 . 2011-09-27 13:02 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{84AB33DD-E908-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:59 . 2011-09-27 12:59 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{84AB33DC-E908-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:09 . 2011-09-27 12:10 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{84924073-E901-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:09 . 2011-09-27 12:09 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{84924072-E901-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:31 . 2011-09-27 09:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{80CFFBAD-E8EB-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:31 . 2011-09-27 09:31 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{80CFFBAC-E8EB-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:37 . 2011-09-27 12:37 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7FAE2A86-E905-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:07 . 2011-09-27 18:07 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7F9C970C-E933-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:41 . 2011-09-27 16:41 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7F5FC3F7-E927-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:41 . 2011-09-27 16:41 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7F5FC3F6-E927-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:48 . 2011-09-27 16:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7EEDD2D6-E928-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:43 . 2011-09-27 15:43 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7E38E713-E91F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:43 . 2011-09-27 15:43 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7E38E712-E91F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:23 . 2011-09-27 12:29 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7DFB3F0B-E903-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:23 . 2011-09-27 12:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7DFB3F0A-E903-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:14 . 2011-09-27 05:19 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7DE6D773-E8C7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:13 . 2011-09-27 05:13 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7DE6D772-E8C7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:50 . 2011-09-27 15:54 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7DB6457C-E920-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:10 . 2011-09-27 09:14 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7CA25EED-E8E8-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:10 . 2011-09-27 09:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7CA25EEC-E8E8-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:59 . 2011-09-27 12:59 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7BF5FD28-E908-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:59 . 2011-09-27 12:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7BF5FD27-E908-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:59 . 2011-09-27 12:59 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7BF5FD26-E908-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:12 . 2011-09-27 16:12 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7BE2157A-E923-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:00 . 2011-09-27 10:00 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B6FEB78-E8EF-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:19 . 2011-09-27 16:19 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7A94CC02-E924-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:11 . 2011-09-27 11:14 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7A29821A-E8F9-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:24 . 2011-09-27 09:24 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7A1D4127-E8EA-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:24 . 2011-09-27 09:24 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7A1D4126-E8EA-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:48 . 2011-09-27 08:53 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{78B521AA-E8E5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:48 . 2011-09-27 16:48 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{77B14FAD-E928-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:48 . 2011-09-27 16:48 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{77B14FAC-E928-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:06 . 2011-09-27 18:06 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{76FA7327-E933-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:06 . 2011-09-27 18:06 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{76FA7326-E933-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:23 . 2011-09-27 12:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{768F0CDA-E903-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:23 . 2011-09-27 12:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{768F0CD9-E903-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:23 . 2011-09-27 12:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{768F0CD8-E903-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:32 . 2011-09-27 14:33 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7601D433-E915-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:32 . 2011-09-27 14:32 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7601D432-E915-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:50 . 2011-09-27 15:50 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75711D4D-E920-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:50 . 2011-09-27 15:50 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75711D4C-E920-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:14 . 2011-09-27 10:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7442B5EA-E8F1-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:45 . 2011-09-27 17:45 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7415DAEA-E930-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:57 . 2011-09-27 11:00 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73ED7D68-E8F7-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:59 . 2011-09-27 12:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73E7AB0D-E908-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 12:58 . 2011-09-27 12:58 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73E7AB0C-E908-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:06 . 2011-09-27 13:06 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73165BDC-E909-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:31 . 2011-09-27 16:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{24EC0DD6-E926-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:44 . 2011-09-27 14:44 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{24532225-E917-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:44 . 2011-09-27 14:44 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{24532224-E917-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:26 . 2011-09-27 10:26 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{24248EED-E8F3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:26 . 2011-09-27 10:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{24248EEC-E8F3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:11 . 2011-09-27 18:12 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{22AFAEEB-E934-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:11 . 2011-09-27 18:12 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{22AFAEE9-E934-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 06:51 . 2011-09-27 06:51 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{22745AE6-E8D5-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:58 . 2011-09-27 14:58 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{21271FC4-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:58 . 2011-09-27 14:58 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{21271FC3-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:58 . 2011-09-27 14:58 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{21271FC2-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:59 . 2011-09-27 11:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{203CEB51-E900-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:59 . 2011-09-27 11:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{203CEB50-E900-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:52 . 2011-09-27 16:52 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{203BEBE6-E929-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:41 . 2011-09-27 15:41 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1F2984AC-E91F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:31 . 2011-09-27 08:31 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1EC40D21-E8E3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:31 . 2011-09-27 08:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1EC40D20-E8E3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:57 . 2011-09-27 17:57 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1D3003FC-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:19 . 2011-09-27 15:22 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1D2044C8-E91C-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:15 . 2011-09-27 14:18 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1BE110A0-E913-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:31 . 2011-09-27 16:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1BBD3F32-E926-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:28 . 2011-09-27 17:28 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1AC483EE-E92E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:58 . 2011-09-27 14:58 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1984177B-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:58 . 2011-09-27 14:58 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1984177A-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:59 . 2011-09-27 11:59 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{19242B6D-E900-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:59 . 2011-09-27 11:59 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{19242B6C-E900-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:18 . 2011-09-27 10:20 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{18E19423-E8F2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 10:18 . 2011-09-27 10:18 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{18E19422-E8F2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:31 . 2011-09-27 08:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{17AB4D3D-E8E3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:31 . 2011-09-27 08:31 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{17AB4D3C-E8E3-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:42 . 2011-09-27 17:44 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{16B86481-E930-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:42 . 2011-09-27 17:42 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{16B86480-E930-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:56 . 2011-09-27 17:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{151363C6-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:24 . 2011-09-27 08:31 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{14C55227-E8E2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:24 . 2011-09-27 08:24 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{14C55226-E8E2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:06 . 2011-09-27 17:08 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1394CFA0-E92B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 09:07 . 2011-09-27 09:08 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1324B2C6-E8E8-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:28 . 2011-09-27 17:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1310CB31-E92E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:28 . 2011-09-27 17:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1310CB30-E92E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:19 . 2011-09-27 15:19 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{12C50DD8-E91C-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:57 . 2011-09-27 14:57 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11605037-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:57 . 2011-09-27 14:57 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11605036-E919-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 04:27 . 2011-09-27 04:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1070E562-E8C1-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:38 . 2011-09-27 16:41 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0FA974F9-E927-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:38 . 2011-09-27 16:38 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0FA974F8-E927-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:10 . 2011-09-27 13:10 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0F1F01F1-E90A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:10 . 2011-09-27 13:10 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0F1F01F0-E90A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:56 . 2011-09-27 17:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0F18BE12-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:39 . 2011-09-27 13:40 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0EC8C9EE-E90E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 02:40 . 2011-09-27 02:48 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0DE0E982-E8B2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:24 . 2011-09-27 08:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0DAA2FE9-E8E2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 08:24 . 2011-09-27 08:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0DAA2FE8-E8E2-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 02:26 . 2011-09-27 02:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0D55A19E-E8B0-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:28 . 2011-09-27 17:28 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0CCE9EF0-E92E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:13 . 2011-09-27 17:18 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0C77CAC8-E92C-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:29 . 2011-09-27 14:31 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0BDD4370-E915-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:40 . 2011-09-27 15:40 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{09CC3230-E91F-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:07 . 2011-09-27 14:07 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{098EDF5A-E912-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:14 . 2011-09-27 14:14 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0962126C-E913-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 05:53 . 2011-09-27 05:53 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{08B4DB88-E8CD-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:02 . 2011-09-27 16:03 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{08A3AB7E-E922-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:10 . 2011-09-27 13:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{07E27EC7-E90A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:10 . 2011-09-27 13:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{07E27EC6-E90A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:42 . 2011-09-27 17:42 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{07B2B36E-E930-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:28 . 2011-09-27 14:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{055D1A0D-E915-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 14:28 . 2011-09-27 14:28 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{055D1A0C-E915-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:56 . 2011-09-27 17:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{051CE533-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:56 . 2011-09-27 17:56 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{051CE532-E932-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:02 . 2011-09-27 13:04 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0265B5F5-E909-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:02 . 2011-09-27 13:02 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0265B5F4-E909-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:49 . 2011-09-27 17:49 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{017A9056-E931-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:10 . 2011-09-27 18:10 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{016B5F21-E934-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:10 . 2011-09-27 18:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{016B5F20-E934-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:44 . 2011-09-27 11:48 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{012A4700-E8FE-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 11:01 . 2011-09-27 11:01 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{005CA09E-E8F8-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 17:06 . 2011-09-27 17:06 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{005BDA00-E92B-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:10 . 2011-09-27 13:10 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{00469D8D-E90A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 13:09 . 2011-09-27 13:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{00469D8C-E90A-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 23:29 . 2011-09-27 23:29 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
+ 2011-09-27 23:29 . 2011-09-27 23:29 328864 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.dll
+ 2006-01-10 13:43 . 2011-09-27 18:12 245760 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-26 22:22 . 2011-09-27 18:13 212480 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{00AD3ED0-E88E-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 15:32 . 2011-09-27 15:38 178176 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DAE4EFF8-E91D-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 06:26 . 2011-09-27 06:39 106496 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9F839708-E8D1-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 18:11 . 2011-09-27 18:12 126976 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{22AFAEE8-E934-11E0-9659-0014A52CF965}.dat
+ 2011-09-27 16:09 . 2011-09-27 16:17 153600 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0CFD956C-E923-11E0-9659-0014A52CF965}.dat
+ 2011-09-09 23:28 . 2011-09-27 18:08 1277952 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
- 2011-03-03 00:33 . 2011-09-27 01:25 7700480 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-03 00:33 . 2011-09-27 18:12 7700480 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-27 23:30 . 2011-09-27 23:30 1093632 c:\windows\Installer\1186eaa.msi
+ 2011-09-28 01:05 . 2011-09-28 01:05 17456640 c:\windows\Installer\179426f.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 -c--a-w- c:\program files\BitTorrentBar\prxtbBit2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\Sergio\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-10 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-08-24 397312]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 149280]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFEQ04tVFFMVFktQUJBQk8tQVNNVDctSkNLRlctTA&inst=NzYtOTIyNzU3NjU5LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=94&ver=2012.0.1809&mid=7ee8af08d1c847d1b5fdd15de3c81096-68b11d9d0276f02b5b6ed447f2f1883d53ddb191" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Sergio\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/2/2005 6:33 PM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/29/2008 10:41 PM 22216]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [6/3/2010 7:41 PM 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [6/3/2010 7:41 PM 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [6/3/2010 7:41 PM 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [6/3/2010 7:41 PM 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [6/3/2010 7:41 PM 115216]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [6/3/2010 7:41 PM 160400]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2011 9:08 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2011 9:08 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38866212
*Deregistered* - 38866212
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2010-02-07 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-05-14 10:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Sergio\Application Data\Mozilla\Firefox\Profiles\o3bxvhpl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Identities Update - c:\documents and settings\Sergio\Local Settings\Application Data\Identities\IdentitiesUpdate\Identitiesupdt32.exe
HKCU-Run-WindowsPolicyBackup - c:\documents and settings\All Users\Application Data\WindowsPolicyBackup.dll
HKU-Default-Run-Identities Update - c:\documents and settings\Sergio\Local Settings\Application Data\Identities\IdentitiesUpdate\Identitiesupdt32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-27 22:28
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?8?7?6??????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,e2,fd,ff,c3,73,f2,48,80,b6,ac,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,e2,fd,ff,c3,73,f2,48,80,b6,ac,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-09-27 22:36:51
ComboFix-quarantined-files.txt 2011-09-28 04:36
ComboFix2.txt 2011-09-27 02:07
ComboFix3.txt 2011-09-26 07:28
.
Pre-Run: 32,648,220,672 bytes free
Post-Run: 32,713,764,864 bytes free
.
- - End Of File - - FDCEEF1B694E4BF0785E8DD3FC9111A9

Attached Files

  • Attached File  log2.txt   186.03KB   1 downloads


#8 gringo_pr

  • Malware Response Team
Posted 28 September 2011 - 08:26 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 7.1.0
J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 3
Java™ 6 Update 7


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr


Posted 01 October 2011 - 01:14 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 GreenKnight1029


Posted 02 October 2011 - 03:15 AM

Hello Gringo! Thank you for waiting for my response. It's been a busy week. However, I'm committed to doing everything needed to make this computer function well again.

I could not remove Adobe Reader 7.1.0 and J2SE RunTime Environment 5.0 update 4 because I got the following error messages: "the feature you are trying to use is on a network resource that is unavailable" and "the installation source is unavailable." I had similar issues when attempting to remove Java 6 update 3 and 7.

MBAM Log is below:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7841

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/1/2011 2:37:40 PM
mbam-log-2011-10-01 (14-37-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 287139
Time elapsed: 3 hour(s), 43 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HIJACK THIS log is below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:30 AM, on 10/2/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFEQ04tVFFMVFktQUJBQk8tQVNNVDctSkNLRlctTA"&"inst=NzYtOTIyNzU3NjU5LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=94"&"ver=2012.0.1809"&"mid=7ee8af08d1c847d1b5fdd15de3c81096-68b11d9d0276f02b5b6ed447f2f1883d53ddb191
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To CaseMap - C:\WINDOWS\system32\lnToCM.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8389 bytes

#11 gringo_pr


Posted 02 October 2011 - 09:33 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.




If you have any problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo

#12 gringo_pr


Posted 04 October 2011 - 11:46 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 GreenKnight1029


Posted 07 October 2011 - 06:07 PM

Hello Gringo,

I was able to run HijackThis with no issues at all. However, I did have some problems running ESET, mostly because I have an older version of IE. I had to run ESET twice. The first time, the scan time was 10hrs and it found no threats. But I could not find a log to post, so I had to run it again. The second time, the scan time was 7hrs, but it did find some threats. The log is below. Throughout this entire cleaning process, I have used my computer very cautiously and only used it for email and news sites, but without an active anti-virus.

ESET log:

C:\Documents and Settings\Guest 4535\Application Data\Mozilla\Firefox\Profiles\96gnwgu8.default\extensions\{cd3383c0-8a50-467c-8e0c-55bd32960fff}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Guest 4535\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\okgnmkkkofmlhfpdgicnedeimjlpfpea\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Sergio\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\okgnmkkkofmlhfpdgicnedeimjlpfpea\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Sergio\My Documents\Downloads\WhiteSmokeInstaller_9515.exe a variant of Win32/InstallCore.A application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\WindowsPolicyBackup.dll.vir a variant of Win32/Kryptik.TJO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\2ghr6l1o.default\extensions\{cd3383c0-8a50-467c-8e0c-55bd32960fff}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Sergio\Application Data\Mozilla\Firefox\Profiles\o3bxvhpl.default\extensions\{cd3383c0-8a50-467c-8e0c-55bd32960fff}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Sergio\Local Settings\Application Data\SystemWin32.dll.vir a variant of Win32/Kryptik.TJO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Sergio\Local Settings\Application Data\Identities\IdentitiesUpdate\Identitiesupdt32.dll.vir a variant of Win32/Kryptik.TJO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Sergio\Local Settings\Application Data\Identities\IdentitiesUpdate\Identitiesupdt32.exe.vir a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP164\A0078750.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP164\A0078751.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP164\A0078752.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP164\A0078753.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP164\A0078754.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP164\A0078755.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP174\A0081315.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP174\A0081316.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP174\A0081317.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP174\A0081422.dll a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP174\A0081435.dll a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP174\A0081436.exe a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP174\A0081437.dll a variant of Win32/Kryptik.TJO trojan

#14 gringo_pr


Posted 07 October 2011 - 09:29 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\Guest 4535\Application Data\Mozilla\Firefox\Profiles\96gnwgu8.default\extensions\{cd3383c0-8a50-467c-8e0c-55bd32960fff}\chrome.manifest"
    del /f /s /q "C:\Documents and Settings\Guest 4535\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\okgnmkkkofmlhfpdgicnedeimjlpfpea\contentscript.js"
    del /f /s /q "C:\Documents and Settings\Sergio\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\okgnmkkkofmlhfpdgicnedeimjlpfpea\contentscript.js"
    del /f /s /q "C:\Documents and Settings\Sergio\My Documents\Downloads\WhiteSmokeInstaller_9515.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
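The triage described in post #14 (live files to delete, versus tool backups under C:\Qoobox\Quarantine\, versus System Restore's cache), as an added example that is not part of the original thread. The sample lines are copied from the ESET log in post #13; the function names, and the rule that a backup `Quarantine\C\...\X.vir` maps back to `C:\...\X`, are assumptions inferred from the paths in that log.

```python
"""Triage ESET Online Scanner log lines by where the detected file sits."""
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# A subset of the ESET log lines posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Guest 4535\Application Data\Mozilla\Firefox\Profiles\96gnwgu8.default\extensions\{cd3383c0-8a50-467c-8e0c-55bd32960fff}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Sergio\My Documents\Downloads\WhiteSmokeInstaller_9515.exe a variant of Win32/InstallCore.A application
C:\Qoobox\Quarantine\C\Documents and Settings\Sergio\Local Settings\Application Data\SystemWin32.dll.vir a variant of Win32/Kryptik.TJO trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP174\A0081436.exe a variant of Win32/Kryptik.TJO trojan
"""


class Finding(NamedTuple):
    path: str      # full path of the flagged file
    name: str      # detection name, e.g. Win32/Kryptik.TJO
    kind: str      # "trojan", "application", ...
    variant: bool  # True when the line says "a variant of"


# Windows paths contain spaces but no forward slash, so the first
# whitespace-delimited token holding "/" is the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>\w+/\S+)\s+"
    r"(?P<kind>\w+)$"
)
QOOBOX_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\", re.IGNORECASE)
# Assumed backup layout: <drive>:\Qoobox\Quarantine\<orig drive>\<orig path>.vir
BACKUP_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)\.vir$",
    re.IGNORECASE,
)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\", re.IGNORECASE)


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a detection line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(m["path"], m["name"], m["kind"], m["variant"] is not None)


def parse_log(text: str) -> list:
    return [f for f in map(parse_line, text.splitlines()) if f]


def classify(path: str) -> str:
    """'quarantine' = tool backup, 'restore' = System Restore cache, else 'live'."""
    if QOOBOX_RE.match(path):
        return "quarantine"
    if RESTORE_RE.match(path):
        return "restore"
    return "live"


def original_path(path: str) -> Optional[str]:
    """Map a quarantined backup back to the location it was taken from."""
    m = BACKUP_RE.match(path)
    return f"{m['drive'].upper()}:\\{m['rest']}" if m else None


def triage(findings) -> dict:
    groups = defaultdict(list)
    for f in findings:
        groups[classify(f.path)].append(f)
    return groups


def reappeared(findings) -> set:
    """Original locations that were backed up AND are flagged live again."""
    live = {f.path.lower() for f in findings if classify(f.path) == "live"}
    backed_up = {
        original_path(f.path).lower() for f in findings if original_path(f.path)
    }
    return live & backed_up


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for where, items in triage(found).items():
        print(f"[{where}] {len(items)} item(s)")
        for f in items:
            print(f"    {f.name} ({f.kind}): {f.path}")
    print("re-flagged after quarantine:", sorted(reappeared(found)) or "none")
```

Only the `live` group needs manual deletion; a non-empty `reappeared` result means a file is back at a location that was already cleaned once.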

#15 gringo_pr


Posted 10 October 2011 - 08:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



