Malware Remnants


  • This topic is locked
43 replies to this topic

#1 Don K K
Posted 17 November 2011 - 02:08 PM

I am helping a friend who was infected with System Restore, followed by Privacy Protection. We have successfully removed both infections, and Malwarebytes shows no current infections, but some things are not right with her computer. She has Windows Vista Home Premium 64 bit. Problems include: Windows Explorer does not show her correct files when opening Computer and then the C drive. It shows a number of bogus folders, and when we click on at least some of them, they are empty. Program Files and Program Files (x86) are not listed, but I can find the folders by typing the path manually in the address bar. Google has redirects when I type "Microsoft", for instance. Windows Firewall and Security Essentials are turned off and cannot be turned back on. HijackThis shows some BHOs that cannot be removed. When I click on them and then try to remove them, they are still there when I scan again.
Let me point out that we had to remove her hard drive, attach it to another computer with an external enclosure, and then do a full scan to remove the infected files. I think that there are no infected files left.
I read the spyware guides when they come out, and they are most helpful, and I have followed them in this case, but we still have issues. Any help you can give us will be greatly appreciated.


#2 Orange Blossom

Posted 17 November 2011 - 02:25 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Don K K

Posted 18 November 2011 - 04:25 PM

Orange Blossom, thank you for the information and guidelines. I will be back at her computer on Tuesday and will finish the steps starting with step 6 then.

Don

#4 Don K K

Posted 22 November 2011 - 01:27 PM

Here is the DDS.txt log: (run in safe mode)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Barbara at 11:10:43 on 2011-11-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.3033 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\Desktop\Downloads\Defogger.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.aol.com/
uWindow Title = Microsoft Internet Explorer provided by America Online
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=dx4200-09
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: The G.E.T.Team Toolbar: {3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a} - C:\Program Files (x86)\The_G.E.T.Team\prxtbThe_.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: The G.E.T.Team Toolbar: {3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a} - C:\Program Files (x86)\The_G.E.T.Team\prxtbThe_.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Gbridge] "C:\Program Files (x86)\Gbridge LLC\Gbridge\pstartw.exe" "C:\Program Files (x86)\Gbridge LLC\Gbridge\Gbridge.exe" -autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
mRun: [eRecoveryService]
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRun: [iWinArcade Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeup.dll",DllRegisterServer
dRun: [Macromedia Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempup.dll",DllRegisterServer
dRun: [Yahoo Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.dll",DllRegisterServer
dRun: [Hewlett-Packard Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftup.dll",DllRegisterServer
dRun: [KeApplet] \Windows Desktop Search\{4E4591C1-9ED7-4D2A-BD42-04C851494EF9}\LicenseValidator.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex
dRunOnce: [KeApplet] \Windows Desktop Search\{4E4591C1-9ED7-4D2A-BD42-04C851494EF9}\LicenseValidator.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7AB302A1-E26E-430E-BE6B-3EA17BDFBA5F} : DhcpNameServer = 10.239.255.254
TCP: Interfaces\{DB7D724C-CB2D-4983-9D15-E985BCA574E6} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: The G.E.T.Team Toolbar: {3451F2EA-D4C2-494A-9D09-DC1D7BBCC60A} - C:\Program Files (x86)\The_G.E.T.Team\prxtbThe_.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
mRun-x64: [eRecoveryService]
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2731364&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110717&user_guid=8CCA86D2FF474E228D4106C56AC367FF&machine_id=7baf4a46cf682d3766e2b5e0ac5aed8b&browser=FF&os=win&os_version=6.0-x64-SP2
FF - prefs.js: keyword.URL - hxxp://lf.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110717&user_guid=8CCA86D2FF474E228D4106C56AC367FF&machine_id=7baf4a46cf682d3766e2b5e0ac5aed8b&browser=FF&os=win&os_version=6.0-x64-SP2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\LivingPlay\nplplaypop.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Barbara\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Users\Barbara\AppData\Local\Roblox\Versions\version-87de5333d4254860\NPRobloxProxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R3 gbridge;Gbridge Virtual Miniport;C:\Windows\system32\DRIVERS\gbridge64.sys --> C:\Windows\system32\DRIVERS\gbridge64.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-2-17 24576]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-15 136176]
S2 uvnc_service_gs;uvnc_service_gs;C:\Program Files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-6-12 1587536]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-15 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-22 17:07:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A433891-811A-411C-AEC5-F1957AB2D211}\offreg.dll
2011-11-19 15:24:19 821248 ----a-w- C:\ProgramData\8FB1.tmp
2011-11-18 08:17:12 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A433891-811A-411C-AEC5-F1957AB2D211}\mpengine.dll
2011-11-17 18:42:25 -------- d-----w- C:\Users\Barbara\AppData\Roaming\Gbridge
2011-11-17 18:40:54 -------- d-----w- C:\Program Files (x86)\Gbridge LLC
2011-11-17 18:03:51 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E96556AF-A791-4BCD-AF52-CB57294A34BE}\mpengine.dll
2011-11-17 18:03:43 8570192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-11-17 16:31:02 111408 ----a-w- C:\Windows\System32\drivers\88671586.sys
2011-11-15 19:49:57 -------- d-----w- C:\$AVG
2011-11-10 21:13:50 -------- d-----w- C:\Windows\System32\MpEngineStore
2011-11-09 21:11:38 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 21:11:37 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2011-11-09 21:11:36 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-09 21:11:36 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 21:11:34 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 21:11:34 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 21:11:34 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-09 17:49:10 -------- d-----w- C:\Windows Desktop Search
2011-11-09 17:48:55 -------- d-----w- C:\Skype
2011-11-09 03:02:32 -------- d-----w- C:\TQJJ77dEK8gR
2011-11-09 03:02:27 -------- d-----w- C:\SjjUVellIBtPNc1
2011-11-09 03:02:22 -------- d-----w- C:\l0yycAA1iv2oF4m
2011-11-09 03:02:16 -------- d-----w- C:\cJJJ7ddE8gZq
2011-11-09 03:02:11 -------- d-----w- C:\xkkIIVrlONx
2011-11-09 03:02:05 -------- d-----w- C:\TRLLgTTqjCekVrO
2011-11-09 03:02:00 -------- d-----w- C:\iRRRL99hTqjUeIB
2011-11-09 03:00:59 -------- d-----w- C:\DhhYYXwwkUVlOtz
2011-11-09 02:59:56 -------- d-----w- C:\t8gRZqhYXkVlBz0
2011-11-09 02:58:57 -------- d-----w- C:\qZqhYCwkUrOt
2011-11-09 02:57:57 -------- d-----w- C:\V9gTXqjYCkVzNx0
2011-11-09 02:56:59 -------- d-----w- C:\pfRL9gTXqYeIrOt
2011-11-09 02:55:57 -------- d-----w- C:\c8ggRRZqh
2011-11-09 02:54:57 -------- d-----w- C:\HLL99gTTXqjCeIV
2011-11-09 02:53:57 -------- d-----w- C:\dvvvDD2obF4pG5Q
2011-11-09 02:52:59 -------- d-----w- C:\XaaaQJJ6dW
2011-11-09 02:51:57 -------- d-----w- C:\y00uucSS2ib3pG4
2011-11-09 02:50:58 -------- d-----w- C:\ZNyyxA00uvSi
2011-11-09 02:50:53 -------- d-----w- C:\NzONNyxxA0uS2bF
2011-11-09 02:50:48 -------- d-----w- C:\OuuuvSS2obFpm
2011-11-09 02:50:43 -------- d-----w- C:\t111uvvS2o
2011-11-09 02:50:38 -------- d-----w- C:\mjjUUCeeIBrzN
2011-11-09 02:50:33 -------- d-----w- C:\HCeelIBBrPN
2011-11-09 02:50:28 -------- d-----w- C:\xG55aaQJ6dW
2011-11-09 02:50:23 -------- d-----w- C:\yEEKK8ffRZhTXjU
2011-11-09 02:50:18 -------- d-----w- C:\p66ddEK8fRZ9
2011-11-09 02:50:14 -------- d-----w- C:\yllIBrrzPNyA1vS
2011-11-09 02:50:09 -------- d-----w- C:\ouuuvSS2obFpm5a
2011-11-09 02:50:04 -------- d-----w- C:\LuvvvS2obF3pm5Q
2011-11-09 02:50:00 -------- d-----w- C:\ndWWKK8fRL9h
2011-11-09 02:49:55 -------- d-----w- C:\fQQHH6dWW7fR9gX
2011-11-09 02:49:50 -------- d-----w- C:\R6ddWWK7fRL9TXj
2011-11-09 02:49:46 -------- d-----w- C:\cLL9gTXXqjCeIVz
2011-11-09 02:49:41 -------- d-----w- C:\RCeekIIVrzONxAu
2011-11-09 02:49:37 -------- d-----w- C:\tDD33pnGG4QH6W7
2011-11-09 02:49:32 -------- d-----w- C:\UaaQQH6sWK7fE9T
2011-11-09 02:49:27 -------- d-----w- C:\NwwwkIIVrlONxP
2011-11-09 02:49:22 -------- d-----w- C:\EgTTZZqjYCwIVrO
2011-11-09 02:49:17 -------- d-----w- C:\HsssWKK7fELgTq
2011-11-09 02:49:13 -------- d-----w- C:\SIIIVrrlONtP0cS
2011-11-09 02:49:08 -------- d-----w- C:\XEELL8gTTqhYCkV
2011-11-09 02:49:04 -------- d-----w- C:\QBBtxxP0ycS1vD
2011-11-09 02:47:57 -------- d-----w- C:\YellOOBtzP0yA1v
2011-11-09 02:47:52 -------- d-----w- C:\DmmGG5ssQJ6EKf
2011-11-09 02:47:48 -------- d-----w- C:\PFF33pmGG5QJ6WK
2011-11-09 02:47:44 -------- d-----w- C:\myyxxA00uv2ib3p
2011-11-09 02:47:40 -------- d-----w- C:\vzzOONtxA0ucS
2011-11-09 02:47:35 -------- d-----w- C:\ZSS22ibbD3nG4QH
2011-11-09 02:47:30 -------- d-----w- C:\eGG44aQQH6sK7EL
2011-11-09 02:47:26 -------- d-----w- C:\kTTTZqqjYCwIVlO
2011-11-09 02:47:21 -------- d-----w- C:\N66ssWJ77fL8gZ
2011-11-09 02:47:16 -------- d-----w- C:\sfffELL8gTZhYC
2011-11-09 02:47:11 -------- d-----w- C:\TZZqqjYCwkIVlNx
2011-11-09 02:47:06 -------- d-----w- C:\IcSSS2ibD3nGaQ6
2011-11-09 02:47:01 -------- d-----w- C:\ixxAA0uucS
2011-11-09 02:46:56 -------- d-----w- C:\OGG55aQHH6WK7R9
2011-11-09 02:46:51 -------- d-----w- C:\zGGG4aaQH6sK7EL
2011-11-09 02:46:46 -------- d-----w- C:\vEEEL99gTZqjCwI
2011-11-09 02:46:42 -------- d-----w- C:\XCCwwkIVrlOtx0u
2011-11-09 02:46:37 -------- d-----w- C:\G44aaQQH6sW7fLg
2011-11-09 02:46:32 -------- d-----w- C:\XtxxAA0ucS
2011-11-09 02:46:27 -------- d-----w- C:\r55aaQHH6dW7fL9
2011-11-09 02:46:21 -------- d-----w- C:\PmmmGG5aQJ6dKfR
2011-11-09 02:46:16 -------- d-----w- C:\dppmmG55aQJdW8f
2011-11-09 02:46:10 -------- d-----w- C:\XjUUCCelIBrzNyA
2011-11-09 02:46:05 -------- d-----w- C:\mpppmGG5sQJ6E8f
2011-11-09 02:46:00 -------- d-----w- C:\VhhYYXwwjUelBzP
2011-11-09 02:45:56 -------- d-----w- C:\mVVVelIBtzPNcAu
2011-11-09 02:45:50 -------- d-----w- C:\xAAA1iivD2on4mH
2011-11-09 02:45:45 -------- d-----w- C:\PgRRZZ9hYXwjVeI
2011-11-09 02:45:40 -------- d-----w- C:\QBBttzPP0yA1iD2
2011-11-09 02:45:36 -------- d-----w- C:\nKK88gRRZ9YXwUV
2011-11-09 02:45:31 -------- d-----w- C:\UXXwwjUVelBPNyA
2011-11-09 02:45:26 -------- d-----w- C:\LeellIBttPNyc1v
2011-11-09 02:45:22 -------- d-----w- C:\duuvvD2oob4pm5Q
2011-11-09 02:45:17 -------- d-----w- C:\ESS22obFFpmG5Q6
2011-11-09 02:45:12 -------- d-----w- C:\rjjjUCCelIBrPNx
2011-11-09 02:45:07 -------- d-----w- C:\nwwjjUCelIBrPyx
2011-11-09 02:45:02 -------- d-----w- C:\deelIttzPNyA1v2
2011-11-09 02:43:58 -------- d-----w- C:\uKK88gRZ9hYw
2011-11-09 02:42:59 -------- d-----w- C:\wSS11ivD3onFam5
2011-11-09 02:41:57 -------- d-----w- C:\nF4pmH5sQ7E8R9Y
2011-11-09 02:40:58 -------- d-----w- C:\QxP0ycS1iDoFaHs
2011-11-09 02:39:57 -------- d-----w- C:\yHHH6ddWK7fR9g
2011-11-09 02:38:56 -------- d-----w- C:\annnF44amH5WJ
2011-11-09 02:37:56 -------- d-----w- C:\v3ppnnG4aQH6WKf
2011-11-09 02:36:56 -------- d-----w- C:\TpmmGG5aQJ6dK8R
2011-11-09 02:35:55 -------- d-----w- C:\HgTTZqqhYCwUVl
2011-11-09 02:35:51 -------- d-----w- C:\rLLL8ggRZqhYwkV
2011-11-09 02:35:47 -------- d-----w- C:\iZZ9hhYXwjUVlIt
2011-11-09 02:35:43 -------- d-----w- C:\zwwjjUVeelBtzNc
2011-11-09 02:35:38 -------- d-----w- C:\cppmmG5sQJ6d
2011-11-09 02:35:34 -------- d-----w- C:\PzzPPNyyxAu
2011-11-09 02:35:29 -------- d-----w- C:\hmmGG5aaQJdWKfL
2011-11-09 02:35:25 -------- d-----w- C:\wkkIIBrzONyx0
2011-11-09 02:35:21 -------- d-----w- C:\YK77fEEL9gTqj
2011-11-09 02:35:16 -------- d-----w- C:\SttxxP00ucSib3o
2011-11-09 02:35:12 -------- d-----w- C:\LWJJ77fEL8gZqYC
2011-11-09 02:35:07 -------- d-----w- C:\trllOOBtxP
2011-11-09 02:35:03 -------- d-----w- C:\T44amHH5WJ7ELgR
2011-11-09 02:33:58 -------- d-----w- C:\XHH66dWWK7RL9Tq
2011-11-09 02:32:57 -------- d-----w- C:\F77ddEL8gRZqYXk
2011-11-09 02:31:57 -------- d-----w- C:\o444aaQH6sW
2011-11-09 02:31:52 -------- d-----w- C:\PCCCwkkIVrlNtP0
2011-11-09 02:31:48 -------- d-----w- C:\IHH66sWWJ7fL8TZ
2011-11-09 02:31:44 -------- d-----w- C:\qttzzP0yyA1iv2n
2011-11-09 02:31:39 -------- d-----w- C:\eddEEK8gRZ9
2011-11-09 02:31:35 -------- d-----w- C:\GyyycA11uvDoF4m
2011-11-09 02:31:30 -------- d-----w- C:\xsssQJJ6dEKfR9
2011-11-09 02:31:26 -------- d-----w- C:\b99hhTXwwjCelBz
2011-11-09 02:31:21 -------- d-----w- C:\kGGG5aaQJ6dK8R9
2011-11-09 02:31:17 -------- d-----w- C:\FkkIIBrzONyA
2011-11-09 02:31:13 -------- d-----w- C:\N33ppnG4aQH6WKf
2011-11-09 02:31:08 -------- d-----w- C:\ZgTTZZqjYCwk
2011-11-09 02:31:04 -------- d-----w- C:\GPPP0uucS1ib3oG
2011-11-09 02:29:59 -------- d-----w- C:\jKK8ffRL9hTXj
2011-11-09 02:28:59 -------- d-----w- C:\xZZ99hYXwjU
2011-11-09 02:27:56 -------- d-----w- C:\NvvDD2oobFpmGsJ
2011-11-09 02:26:56 -------- d-----w- C:\esWWJJ7fEL8gZh
2011-11-09 02:25:56 -------- d-----w- C:\i333pnnG5aQ6dK7
2011-11-09 02:25:51 -------- d-----w- C:\PQQHH6ddWK7RLgT
2011-11-09 02:25:47 -------- d-----w- C:\SONNttxA0ucSib3
2011-11-09 02:25:42 -------- d-----w- C:\c33ppnGG4aQ6sK7
2011-11-09 02:25:38 -------- d-----w- C:\G7ffEEL9gT
2011-11-09 02:25:33 -------- d-----w- C:\riibbD3on
2011-11-09 02:25:29 -------- d-----w- C:\gL88ggRZqhYXkUe
2011-11-09 02:25:24 -------- d-----w- C:\ptttP00yA
2011-11-09 02:25:20 -------- d-----w- C:\lVVVellOBtz0yA1
2011-11-09 02:25:15 -------- d-----w- C:\yHHH5ssQJ7dK8g
2011-11-09 02:25:11 -------- d-----w- C:\DzzzPNyycA1
2011-11-09 02:25:06 -------- d-----w- C:\eppmmG55sQ6dE8f
2011-11-09 02:25:02 -------- d-----w- C:\GeellIBrrzNyx
2011-11-09 02:23:57 -------- d-----w- C:\IXXXwkkUVelOtz0
2011-11-09 02:23:52 -------- d-----w- C:\jmmHH5sQJ7dK8RZ
2011-11-09 02:23:48 -------- d-----w- C:\L777dEEK8gRZhYw
2011-11-09 02:23:43 -------- d-----w- C:\uuuvvD2oob4pm5s
2011-11-09 02:23:39 -------- d-----w- C:\a555sQJJ6dE8fZ9
2011-11-09 02:23:34 -------- d-----w- C:\vddEEK8fRZ9hXwU
2011-11-09 02:23:30 -------- d-----w- C:\fzPPNyyxA1uS2bF
2011-11-09 02:23:25 -------- d-----w- C:\RNyyyxA0uvS2bF
2011-11-09 02:23:20 -------- d-----w- C:\kbbbF33pnG5aH6W
2011-11-09 02:23:16 -------- d-----w- C:\GHH6dWWK7fRLgTq
2011-11-09 02:23:11 -------- d-----w- C:\nqqqjYYCe
2011-11-09 02:23:06 -------- d-----w- C:\dOONtxxA0ucS
2011-11-09 02:23:02 -------- d-----w- C:\OsWWK77fEL9gZqY
2011-11-09 02:21:56 -------- d-----w- C:\sVeellIBtzPNcAu
2011-11-09 02:20:56 -------- d-----w- C:\dLLL9ggTZ
2011-11-09 02:20:51 -------- d-----w- C:\itxxPP0ucS1iD3n
2011-11-09 02:20:47 -------- d-----w- C:\ARRRZqqhYXwUVlB
2011-11-09 02:20:42 -------- d-----w- C:\AtttzPP0ycA1vDo
2011-11-09 02:20:38 -------- d-----w- C:\hpppmHH5sJ7d
2011-11-09 02:20:33 -------- d-----w- C:\KJ77ddEK8gRZh
2011-11-09 02:20:29 -------- d-----w- C:\TPPNNycA1
2011-11-09 02:20:24 -------- d-----w- C:\A66ddEK8fRZ9TXj
2011-11-09 02:20:20 -------- d-----w- C:\I88ffRLL9hTqjCe
2011-11-09 02:20:15 -------- d-----w- C:\GqjjjUCekIBrzNx
2011-11-09 02:20:11 -------- d-----w- C:\AvSS22ibF3pn
2011-11-09 02:20:06 -------- d-----w- C:\aqqjjUCekIBzO
2011-11-09 02:20:01 -------- d-----w- C:\XqqqjUUCek
2011-11-09 02:18:56 -------- d-----w- C:\H777dEEK8gR
2011-11-09 02:18:52 -------- d-----w- C:\N2oobbF4pmG
2011-11-09 02:18:47 -------- d-----w- C:\YFF44pmGG5
2011-11-09 02:18:42 -------- d-----w- C:\WGGG5aaQJ
2011-11-09 02:18:38 -------- d-----w- C:\E55aaQJ6dWK8fLh
2011-11-09 02:18:33 -------- d-----w- C:\cbbFF3pmG5aQJdK
2011-11-09 02:18:28 -------- d-----w- C:\zyyyxAA1uvSob3p
2011-11-09 02:18:23 -------- d-----w- C:\v333pmmG5a
2011-11-09 02:18:19 -------- d-----w- C:\meeekIIBrzONxAu
2011-11-09 02:18:15 -------- d-----w- C:\WaaaQQH6sWK7ELg
2011-11-09 02:18:10 -------- d-----w- C:\fbbD33onG4amHsJ
2011-11-09 02:18:06 -------- d-----w- C:\XwkkUUVrlOBtP0c
2011-11-09 02:18:01 -------- d-----w- C:\fffEEL88gT
2011-11-09 02:16:57 -------- d-----w- C:\W00uucSS2bD3pGa
2011-11-09 02:16:52 -------- d-----w- C:\uLL99gTXXqYCeIr
2011-11-09 02:16:47 -------- d-----w- C:\GbbbD33pnG4aH
2011-11-09 02:16:43 -------- d-----w- C:\KssWWK77fELgTqY
2011-11-09 02:16:38 -------- d-----w- C:\GffEEL8gTZqhYwU
2011-11-09 02:16:34 -------- d-----w- C:\ChhYYCwwkUrlOtx
2011-11-09 02:16:29 -------- d-----w- C:\nVVrrlOOBtP0yS1
2011-11-09 02:16:24 -------- d-----w- C:\OssWWJ77fE8gTqh
2011-11-09 02:16:19 -------- d-----w- C:\x11iibD3onG4mHs
2011-11-09 02:16:14 -------- d-----w- C:\k333onnG4amHsW7
2011-11-09 02:16:10 -------- d-----w- C:\xJJ77dEEL8g
2011-11-09 02:16:05 -------- d-----w- C:\VgggRRZqhYXw
2011-11-09 02:16:00 -------- d-----w- C:\ykkUUVeelOtzPy
2011-11-09 02:15:56 -------- d-----w- C:\AeeelOOBtzPy
2011-11-09 02:15:51 -------- d-----w- C:\VzzPP0ycc1iv
2011-11-09 02:15:46 -------- d-----w- C:\hYYYXwwkUVelBtP
2011-11-09 02:15:41 -------- d-----w- C:\LL88ggRZqhY
2011-11-09 02:15:36 -------- d-----w- C:\xhhYYXwjUVe
2011-11-09 02:15:32 -------- d-----w- C:\tPPPNyccA1vDoF4
2011-11-09 02:15:27 -------- d-----w- C:\GPPPNyycA1uD2
2011-11-09 02:15:22 -------- d-----w- C:\lVVVelIIBtzNyA1
2011-11-09 02:15:18 -------- d-----w- C:\vjjUUVelIBtzPyA
2011-11-09 02:15:12 -------- d-----w- C:\KZZZqhhYXwkVe
2011-11-09 02:15:08 -------- d-----w- C:\QoobbF44pm5
2011-11-09 02:15:03 -------- d-----w- C:\UTTXXwjUUClIBzN
2011-11-09 02:13:58 -------- d-----w- C:\diivvD33onFa
2011-11-09 02:13:53 -------- d-----w- C:\ZlllOBBtxP0cSiD
2011-11-09 02:13:49 -------- d-----w- C:\AmmHH5ssWJ7E
2011-11-09 02:13:44 -------- d-----w- C:\IWWJJ7ddELgR
2011-11-09 02:13:39 -------- d-----w- C:\dxxPP0ycS1iv
2011-11-09 02:13:34 -------- d-----w- C:\NHHH5sJJdEL8RqY
2011-11-09 02:13:29 -------- d-----w- C:\N5ssWWJ7dEL8RZh
2011-11-09 02:13:24 -------- d-----w- C:\XZZqqhYYCwkVr
2011-11-09 02:13:19 -------- d-----w- C:\qgggTZZqh
2011-11-09 02:13:15 -------- d-----w- C:\FVVrrlOOBtP0
2011-11-09 02:13:10 -------- d-----w- C:\gFFF4aamH5sW7E8
2011-11-09 02:13:05 -------- d-----w- C:\khYCCwkUrlOtx0c
2011-11-09 02:11:56 -------- d-----w- C:\bqhhYYCwkUVrOBx
2011-11-09 02:10:58 -------- d-----w- C:\W888gTTZqhYw
2011-11-09 02:09:58 -------- d-----w- C:\ZbF3pnG5aHdK
2011-11-09 02:08:55 -------- d-----w- C:\oIIBBzzNyx0uSiF
2011-11-09 02:08:50 -------- d-----w- C:\LIVVrzONtA0uSi
2011-11-09 02:08:46 -------- d-----w- C:\YQHH6sWK7E
2011-11-09 02:08:41 -------- d-----w- C:\YH66sWK7EL9gZjC
2011-11-09 02:08:37 -------- d-----w- C:\iIVrrlONxP0cSiD
2011-11-09 02:08:31 -------- d-----w- C:\rNyyxA0uv
2011-11-09 02:08:24 -------- d-----w- C:\CIBttPPycA1
2011-11-09 02:08:20 -------- d-----w- C:\FxA11vvSobFp
2011-11-09 02:08:15 -------- d-----w- C:\dFF33mm5aQ6dKfL
2011-11-09 02:08:10 -------- d-----w- C:\XXwwjUCelBrzN
2011-11-09 02:08:06 -------- d-----w- C:\GQJJ6dWK8RL9T
2011-11-09 02:08:02 -------- d-----w- C:\T2iibF3pG5aQ6W7
2011-11-09 02:07:57 -------- d-----w- C:\dzzONyxA0uS2b3n
2011-11-09 02:07:52 -------- d-----w- C:\nA0uuSSibF3n5QH
2011-11-09 02:07:48 -------- d-----w- C:\vTZqqjYCkIVrOtP
2011-11-09 02:07:44 -------- d-----w- C:\ahhYCwwUVrOBx
2011-11-09 02:07:40 -------- d-----w- C:\P8ggRZ9hYwjUeI
2011-11-09 02:07:36 -------- d-----w- C:\VEK88RR9hTXjClI
2011-11-09 02:07:31 -------- d-----w- C:\KjjUVeeIBtPNc
2011-11-09 02:07:25 -------- d-----w- C:\XH5ssWJ7EL8gZhX
2011-11-09 02:07:20 -------- d-----w- C:\fUUVelOBtx0ySiD
2011-11-09 02:07:14 -------- d-----w- C:\mtxxP0uc1i
2011-11-09 02:07:08 -------- d-----w- C:\YeekIVrzONxAuSi
2011-11-09 02:07:02 -------- d-----w- C:\oTXXwjUCeIBrPyA
2011-11-09 02:06:56 -------- d-----w- C:\IZqqhYXwkVel
2011-11-09 02:06:50 -------- d-----w- C:\EcS11bb3onGaH
2011-11-09 02:06:45 -------- d-----w- C:\ycSS11ibD3onGa
2011-11-09 02:06:39 -------- d-----w- C:\rzOONyxAuvS2b3n
2011-11-09 02:06:32 -------- d-----w- C:\otzzPNycAuvDoFp
2011-11-09 02:06:27 -------- d-----w- C:\neelOOBtzP0yAiv
2011-11-09 02:06:20 -------- d-----w- C:\RAA00ucSSibDpn4
2011-11-09 02:06:13 -------- d-----w- C:\gzPPNyxA1vS2b3m
2011-11-09 02:06:07 -------- d-----w- C:\kssWJ7dEL8RZhX
2011-11-09 02:06:00 -------- d-----w- C:\dAA0ucS2i
2011-11-09 02:05:54 -------- d-----w- C:\rQJ66EE8fRZh
2011-11-09 02:05:48 -------- d-----w- C:\G44pmHH5sQ
2011-11-09 02:05:43 -------- d-----w- C:\nJJ77dEEK8gZ9YX
2011-11-09 02:05:38 -------- d-----w- C:\GqqhhYXXwkVelBz
2011-11-09 02:05:33 -------- d-----w- C:\RgggRZZqhYXwUVl
2011-11-09 02:05:29 -------- d-----w- C:\LttzzPP0ycAiv2o
2011-11-09 02:05:24 -------- d-----w- C:\gwwjjUVVelB
2011-11-09 02:05:19 -------- d-----w- C:\sKKK8ggRZ9hXwUe
2011-11-09 02:05:15 -------- d-----w- C:\b999hTTXwjUClIr
2011-11-09 02:05:10 -------- d-----w- C:\ERRRZ9hhTXwUC
2011-11-09 02:05:05 -------- d-----w- C:\qCCellIBrzPNxAu
2011-11-09 02:05:01 -------- d-----w- C:\ehhhTTXqjUCkIrz
2011-11-09 02:03:57 -------- d-----w- C:\JRRRZ9hhTwjUelB
2011-11-09 02:03:51 -------- d-----w- C:\TllOOtPP0cAiv2n
2011-11-09 02:03:46 -------- d-----w- C:\psssWJJ7dELgRqh
2011-11-09 02:03:42 -------- d-----w- C:\TooonFFppH5sJ7E
2011-11-09 02:03:36 -------- d-----w- C:\VVVeelOBBtP0
2011-11-09 02:03:32 -------- d-----w- C:\j111vvD2onF4mHs
2011-11-09 02:03:28 -------- d-----w- C:\kzzPPNyccAuvDoF
2011-11-09 02:03:23 -------- d-----w- C:\F66ddEKZ9hTXjUe
2011-11-09 02:03:19 -------- d-----w- C:\lvvvS22ob3pm5aJ
2011-11-09 02:03:15 -------- d-----w- C:\rOONyxxA0vS2bFp
2011-11-09 02:03:11 -------- d-----w- C:\WttxxA00uc2i
2011-11-09 02:03:06 -------- d-----w- C:\OWWWJ77fEL8TqYC
2011-11-09 02:03:02 -------- d-----w- C:\n3oonnF4a
2011-11-09 02:01:56 -------- d-----w- C:\NjUCelIBrPy
2011-11-09 02:00:56 -------- d-----w- C:\ysQJ7dEK8R9YwUe
2011-11-09 01:59:59 -------- d-----w- C:\RF4ppGGsQJ6E8RZ
2011-11-09 01:58:58 -------- d-----w- C:\nqhhYCwkVrlO
2011-11-09 01:57:59 -------- d-----w- C:\DbbF3pnGaQHdW7R
2011-11-09 01:56:59 -------- d-----w- C:\mRRZ9hhXwj
2011-11-09 01:55:57 -------- d-----w- C:\HL9hhTXqUCeIBzN
2011-11-09 01:54:57 -------- d-----w- C:\jAA1ivD2oF4pHsJ
2011-11-09 01:53:57 -------- d-----w- C:\QZZqqYYwkUr
2011-11-09 01:52:56 -------- d-----w- C:\p2oobF3pmG5a
2011-11-09 01:52:52 -------- d-----w- C:\kibbF33pn5aQ6dK
2011-11-09 01:52:48 -------- d-----w- C:\gcSS2ibD3pn
2011-11-09 01:52:44 -------- d-----w- C:\JyyccS1ivD3nFaH
2011-11-09 01:52:40 -------- d-----w- C:\X4mHWJJ7dE8gZqY
2011-11-09 01:52:35 -------- d-----w- C:\IVVeelOBtzPyc1v
2011-11-09 01:52:31 -------- d-----w- C:\RBttzyciDoF45Q7
2011-11-09 01:52:26 -------- d-----w- C:\IonF4pmHsQ7dKg9
2011-11-09 01:52:21 -------- d-----w- C:\okkUelOBtPy1iDn
2011-11-09 01:52:17 -------- d-----w- C:\kdKKgRZ9hwVeIBz
2011-11-09 01:52:12 -------- d-----w- C:\xBttzyA1uDoFp5s
2011-11-09 01:52:06 -------- d-----w- C:\immH5QJJ7EKgRhX
2011-11-09 01:52:02 -------- d-----w- C:\hddEEK8gRZ9hXwU
2011-11-09 01:51:57 -------- d-----w- C:\uiivvonF4pH5sJd
2011-11-09 01:51:52 -------- d-----w- C:\JvDD22nF4pH5sJd
2011-11-09 01:51:47 -------- d-----w- C:\s111iDDonF4pHs
2011-11-09 01:51:43 -------- d-----w- C:\BZZZ9hhTXw
2011-11-09 01:51:38 -------- d-----w- C:\B9hTXXjUCeIBzPx
2011-11-09 01:51:33 -------- d-----w- C:\OVllIIBtzPNcA
2011-11-09 01:51:28 -------- d-----w- C:\UJJ6dEK8fRZ
2011-11-09 01:51:24 -------- d-----w- C:\nRZZ99TTXwjC
2011-11-09 01:51:19 -------- d-----w- C:\gbbF4pmm5sJ6E8
2011-11-09 01:51:13 -------- d-----w- C:\NssQQJ7dEK8gZhX
2011-11-09 01:51:08 -------- d-----w- C:\ycccA1uvD2oF4mG
2011-11-09 01:51:03 -------- d-----w- C:\T99hhYXwj
2011-11-09 01:50:58 -------- d-----w- C:\kHH55sQJ7dEKgR
2011-11-09 01:50:53 -------- d-----w- C:\qVellOBtzP0y
2011-11-09 01:50:48 -------- d-----w- C:\jllOOBtzz0
2011-11-09 01:50:43 -------- d-----w- C:\VUUVVrlOB
2011-11-09 01:50:38 -------- d-----w- C:\qoonnF4aam5sW7E
2011-11-09 01:50:33 -------- d-----w- C:\hCwwkkUVrlOBxPy
2011-11-09 01:50:28 -------- d-----w- C:\foonnG44am6sW7f
2011-11-09 01:50:23 -------- d-----w- C:\wTTTZqqjYCwIVrO
2011-11-09 01:50:17 -------- d-----w- C:\wIIVVrzONtxAuc2
2011-11-09 01:50:12 -------- d-----w- C:\PGG55aQHHdWK7R9
2011-11-09 01:50:07 -------- d-----w- C:\cxAA00ucS
2011-11-09 01:50:02 -------- d-----w- C:\WTTTXqqjYCeI
2011-11-09 01:49:57 -------- d-----w- C:\aSSS22ibF3
2011-11-09 01:49:52 -------- d-----w- C:\AjUUCeekIBrz
2011-11-09 01:49:47 -------- d-----w- C:\bSS22obbF3pG5QJ
2011-11-09 01:49:42 -------- d-----w- C:\zQQJJ6ddEK8RZhT
2011-11-09 01:49:36 -------- d-----w- C:\W66ddEK8fRZhXwU
2011-11-09 01:49:31 -------- d-----w- C:\NeellIBBtzNyc1
2011-11-09 01:49:26 -------- d-----w- C:\u22oonF44
2011-11-09 01:49:21 -------- d-----w- C:\cYYYXwwkU
2011-11-09 01:49:16 -------- d-----w- C:\V0yyccS1ivD3nFa
2011-11-09 01:49:10 -------- d-----w- C:\ycccS11ibD3nGmH
2011-11-09 01:49:04 -------- d-----w- C:\OwwwkIIVrlONx
2011-11-09 01:48:59 -------- d-----w- C:\CCeekkIVrzONxA
2011-11-09 01:48:54 -------- d-----w- C:\e666dWWK7fR9gXq
2011-11-09 01:48:49 -------- d-----w- C:\ITXXqjjUC
2011-11-09 01:48:43 -------- d-----w- C:\IIBBrrzPNyxAuv2
2011-11-09 01:48:38 -------- d-----w- C:\eyyccA1uvD2oF4m
2011-11-09 01:48:33 -------- d-----w- C:\TyyycAA1uvDob4p
2011-11-09 01:48:27 -------- d-----w- C:\ND22oonF4pm
2011-11-09 01:48:22 -------- d-----w- C:\AllOOBtzzPyc1iD
2011-11-09 01:48:17 -------- d-----w- C:\mxPP00ycS1iv3oF
2011-11-09 01:48:12 -------- d-----w- C:\BuuucSS1ibDon4a
2011-11-09 01:48:07 -------- d-----w- C:\tjjjYCCwkI
2011-11-09 01:48:01 -------- d-----w- C:\QcccS11ibD3nG4m
2011-11-09 01:47:56 -------- d-----w- C:\eH66ssWK7fELgT
2011-11-09 01:47:51 -------- d-----w- C:\u77ffRL9gTXqjCk
2011-11-09 01:47:46 -------- d-----w- C:\leeekIIBrzNy
2011-11-09 01:47:40 -------- d-----w- C:\vzzzPNyyxA1vSob
2011-11-09 01:47:35 -------- d-----w- C:\DDDD2oobF4pG5QJ
2011-11-09 01:47:29 -------- d-----w- C:\xUUVVelIIBzPNc
2011-11-09 01:47:24 -------- d-----w- C:\C111iivD2onFpm5
2011-11-09 01:47:19 -------- d-----w- C:\wBBBtxxP0yc1iD3
2011-11-09 01:47:13 -------- d-----w- C:\ccSS11ibD
2011-11-09 01:47:08 -------- d-----w- C:\H3ppnnG4aQHsW7
2011-11-09 01:47:02 -------- d-----w- C:\OpppnGG4aQHsW7f
2011-11-09 01:46:57 -------- d-----w- C:\aRRLL9ggTX
2011-11-09 01:46:52 -------- d-----w- C:\ykkkIBrrzONxAuS
2011-11-09 01:46:47 -------- d-----w- C:\S111uvvS2o
2011-11-09 01:46:41 -------- d-----w- C:\JBttzzPNycA1vDo
2011-11-09 01:46:36 -------- d-----w- C:\tXXXwjjUVelIt
2011-11-09 01:46:32 -------- d-----w- C:\oPPPNNycA1uv2oF
2011-11-09 01:46:27 -------- d-----w- C:\HwjjUCCelIBrPNx
2011-11-09 01:46:22 -------- d-----w- C:\o22oobFF4pm5sJd
2011-11-09 01:46:17 -------- d-----w- C:\bKKK8ffRZ9h
2011-11-09 01:46:12 -------- d-----w- C:\H4ppmGG5sQJdEKf
2011-11-09 01:46:07 -------- d-----w- C:\FjjUUVellItzPyA
2011-11-09 01:46:02 -------- d-----w- C:\yhhhYXXwkUVlOB
2011-11-09 01:45:56 -------- d-----w- C:\jzzPP0yycA1vDon
2011-11-09 01:45:51 -------- d-----w- C:\RtttxPP0ycS1vDo
2011-11-09 01:45:46 -------- d-----w- C:\gtttxP00yS1iD3n
2011-11-09 01:45:41 -------- d-----w- C:\B11iibD33n
2011-11-09 01:45:36 -------- d-----w- C:\twkkIIVrlONtx
2011-11-09 01:45:31 -------- d-----w- C:\XooonGG4amHsW7f
2011-11-09 01:45:26 -------- d-----w- C:\wlllOOBtxP
2011-11-09 01:45:21 -------- d-----w- C:\xaaamHH6sJ7fL8T
2011-11-09 01:45:17 -------- d-----w- C:\d77ffEL88
2011-11-09 01:45:12 -------- d-----w- C:\kWJJJ7fEL8gTqhC
2011-11-09 01:45:06 -------- d-----w- C:\wgTTZZqjYC
2011-11-09 01:45:01 -------- d-----w- C:\KpppnGG4aQH6W
2011-11-09 01:44:57 -------- d-----w- C:\ylllOBBtxP0
2011-11-09 01:44:53 -------- d-----w- C:\F77dEEL8g
2011-11-09 01:44:48 -------- d-----w- C:\eP00yccS1iD3n4a
2011-11-09 01:44:43 -------- d-----w- C:\w77fEL88gTZhYwk
2011-11-09 01:44:38 -------- d-----w- C:\HssWWJ7ffE8gTqh
2011-11-09 01:44:33 -------- d-----w- C:\KibbDD3onG4mHsW
2011-11-09 01:44:28 -------- d-----w- C:\n3oonGG4amHsW7E
2011-11-09 01:44:23 -------- d-----w- C:\DYYYCwwkUVrOBxP
2011-11-09 01:44:18 -------- d-----w- C:\KqqhhCCwkUVlOtx
2011-11-09 01:44:13 -------- d-----w- C:\RHH66sWJJ7EL8Tq
2011-11-09 01:44:08 -------- d-----w- C:\zP00uccS1ibDon4
2011-11-09 01:44:04 -------- d-----w- C:\VVVVrllONtx0uS1
2011-11-09 01:42:58 -------- d-----w- C:\j55ssQJJ6dE8f
2011-11-09 01:42:53 -------- d-----w- C:\n8ffRRZ9hTXwjCl
2011-11-09 01:42:49 -------- d-----w- C:\ikIIBrrzONyx0uS
2011-11-09 01:42:44 -------- d-----w- C:\JSS22ibFF
2011-11-09 01:42:40 -------- d-----w- C:\vKK77fRRL9TXqYe
2011-11-09 01:42:35 -------- d-----w- C:\gTXXqqjYCekIrzN
2011-11-09 01:42:30 -------- d-----w- C:\errrzONNtxAuc2i
2011-11-09 01:42:26 -------- d-----w- C:\DrzzONNtxA0uS2b
2011-11-09 01:42:21 -------- d-----w- C:\HGG44aQQH6WK7E
2011-11-09 01:42:16 -------- d-----w- C:\uaaaQHH6sWKf
2011-11-09 01:42:11 -------- d-----w- C:\cqqqjYYCwkIVlOt
2011-11-09 01:42:07 -------- d-----w- C:\C111ibbD3on
2011-11-09 01:42:02 -------- d-----w- C:\PmmmH66sWJ7ELg
2011-11-09 01:41:58 -------- d-----w- C:\zZZZqhhYCwkUrlB
2011-11-09 01:41:53 -------- d-----w- C:\YwwwkUUVrlOBxPy
2011-11-09 01:41:48 -------- d-----w- C:\JDDD2oonF4pm
2011-11-09 01:41:44 -------- d-----w- C:\uEEEK88gRZ9YXjU
2011-11-09 01:41:39 -------- d-----w- C:\JEEEK88gRZ9hXwU
2011-11-09 01:41:34 -------- d-----w- C:\i88ggRZZ9hYwj
2011-11-09 01:41:30 -------- d-----w- C:\PYYXXwjUUVlIBz
2011-11-09 01:41:25 -------- d-----w- C:\HHH55sQQJ7EK8RZ
2011-11-09 01:41:19 -------- d-----w- C:\BssQJJ7dEK8gZ9Y
2011-11-09 01:41:14 -------- d-----w- C:\QsWWWJ7dEL8gRqY
2011-11-09 01:41:09 -------- d-----w- C:\EiiivvD3on
2011-11-09 01:41:04 -------- d-----w- C:\zJJ77fELL8TZqYw
2011-11-09 01:40:59 -------- d-----w- C:\knnnG44amH6
2011-11-09 01:40:54 -------- d-----w- C:\KrrllONttx0uc
2011-11-09 01:40:48 -------- d-----w- C:\RsWWKK7fEL9gZqY
2011-11-09 01:40:43 -------- d-----w- C:\NnnGG5aaQHdW7R
2011-11-09 01:40:38 -------- d-----w- C:\RkIIBBrzONyxAu
2011-11-09 01:40:32 -------- d-----w- C:\A555sQQJ6dE8fR9
2011-11-09 01:40:26 -------- d-----w- C:\LQQQJ77dEK8gZ9Y
2011-11-09 01:40:21 -------- d-----w- C:\mhhhYYXwkUVeO
2011-11-09 01:40:16 -------- d-----w- C:\ggRRZZ9hYXwjVeI
2011-11-09 01:40:12 -------- d-----w- C:\QYYYXwwjUVelBtP
2011-11-09 01:40:07 -------- d-----w- C:\HccAA1uuvDobFp
2011-11-09 01:40:03 -------- d-----w- C:\FhTTXXwjUCel
2011-11-09 01:39:58 -------- d-----w- C:\QobbFF3pmG5aJ6W
2011-11-09 01:39:54 -------- d-----w- C:\oCCCekkIBrzOyx0
2011-11-09 01:39:50 -------- d-----w- C:\DddWKK7fRL9gXqY
2011-11-09 01:39:45 -------- d-----w- C:\RCCCekkIVrONxA
2011-11-09 01:39:40 -------- d-----w- C:\wtttxAA0ucSib3p
2011-11-09 01:39:35 -------- d-----w- C:\j444aaQH6sWKfE9
2011-11-09 01:39:31 -------- d-----w- C:\SG44aaQH6sWKfE9
2011-11-09 01:39:26 -------- d-----w- C:\vGG44aQH6sWKfE9
2011-11-09 01:39:21 -------- d-----w- C:\nAAA0uccS2bD3nG
2011-11-09 01:39:15 -------- d-----w- C:\lUUUCeekIBrzNyA
2011-11-09 01:39:10 -------- d-----w- C:\jJJ66dWK8fRL9Tq
2011-11-09 01:39:04 -------- d-----w- C:\EQQQJ66dEK8fZ9T
2011-11-09 01:37:56 -------- d-----w- C:\DmHHH5sQJ7dEKgZ
2011-11-09 01:37:51 -------- d-----w- C:\XEEKK8gRRZhYXjU
2011-11-09 01:37:46 -------- d-----w- C:\SPPPNyycA1uv2oF
2011-11-09 01:37:42 -------- d-----w- C:\PRRRZ99hTXwjCl
2011-11-09 01:37:38 -------- d-----w- C:\f33ppnGG5aH6W
2011-11-09 01:37:33 -------- d-----w- C:\EUUCCeekIBrON
2011-11-09 01:37:28 -------- d-----w- C:\mffRRL9hTXqjCeI
2011-11-09 01:37:24 -------- d-----w- C:\XaQQHH6dWK7fL9T
2011-11-09 01:37:19 -------- d-----w- C:\UbbDD3pnnGa
2011-11-09 01:37:15 -------- d-----w- C:\OYYYCwwkIVrONxP
2011-11-09 01:37:11 -------- d-----w- C:\H33oonG4amH6sJf
2011-11-09 01:37:06 -------- d-----w- C:\okkkUVVelOBzPy
2011-11-09 01:37:02 -------- d-----w- C:\rDDD2oonF4pH5QJ
2011-11-09 01:35:59 -------- d-----w- C:\HKK88gRZZ9YXwU
2011-11-09 01:34:55 -------- d-----w- C:\iQQQJ77dEK
2011-11-09 01:34:51 -------- d-----w- C:\cnnnF44pmH5QJdE
2011-11-09 01:34:46 -------- d-----w- C:\GEKK88gRZ9hYwjV
2011-11-09 01:34:41 -------- d-----w- C:\Z777dEEK8gZ9hXj
2011-11-09 01:34:37 -------- d-----w- C:\LUUUVeelIBtPNcA
2011-11-09 01:34:32 -------- d-----w- C:\PFFF3pmmG5aJ6WK
2011-11-09 01:34:28 -------- d-----w- C:\T99hhTXXq
2011-11-09 01:34:23 -------- d-----w- C:\IAAA11uvS2ob3pG
2011-11-09 01:34:18 -------- d-----w- C:\xRRRL99hTXqjCeI
2011-11-09 01:34:14 -------- d-----w- C:\CqqjjUCCekBrzNx
2011-11-09 01:34:09 -------- d-----w- C:\zF33ppnG5aQHd
2011-11-09 01:34:05 -------- d-----w- C:\sQQHH6dWK7fRLg
2011-11-09 01:34:00 -------- d-----w- C:\oibbbD3pnG4aQ6W
2011-11-09 01:33:55 -------- d-----w- C:\xnnnG44aQH6WKfE
2011-11-09 01:33:50 -------- d-----w- C:\hZZZqjjYCwIr
2011-11-09 01:33:45 -------- d-----w- C:\oqqqjYYCekIVzO
2011-11-09 01:33:39 -------- d-----w- C:\IWWWK88fR
2011-11-09 01:33:35 -------- d-----w- C:\QhhTTXqjUCe
2011-11-09 01:33:29 -------- d-----w- C:\oppmmG55aQ6dW8f
2011-11-09 01:33:24 -------- d-----w- C:\VbFF33pmG5aQ
2011-11-09 01:33:20 -------- d-----w- C:\GaaQJJ6dW8fRL
2011-11-09 01:33:15 -------- d-----w- C:\TSSS2iibF3pG5aH
2011-11-09 01:33:11 -------- d-----w- C:\pekkIIVrzONtx0c
2011-11-09 01:33:06 -------- d-----w- C:\GVrrzONttA0uS
2011-11-09 01:33:02 -------- d-----w- C:\lIVVVrlONtxPuc1
2011-11-09 01:32:57 -------- d-----w- C:\j44aamH6sWJ7fLg
2011-11-09 01:32:53 -------- d-----w- C:\kmmmH6WJ7fE8gZh
2011-11-09 01:32:47 -------- d-----w- C:\PwkkIVrlOtx0Si
2011-11-08 22:38:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\ltodkcmZe
2011-11-08 22:37:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\ONiQLIunEI
2011-11-08 22:36:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\iri5gU04glvQTPF
2011-11-08 22:35:54 -------- d-----w- C:\Users\Barbara\AppData\Roaming\xdE8YjeBPc1
2011-11-08 22:34:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\XSpHfXkNc3EISHZ
2011-11-08 22:33:55 -------- d-----w- C:\Users\Barbara\AppData\Roaming\YushzbWUAGLV26q
2011-11-08 22:32:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\Y0v4Qd8gR9YwUeI
2011-11-08 22:31:57 -------- d-----w- C:\Users\Barbara\AppData\Roaming\vd8wIushzFKC05T
2011-11-08 22:30:58 -------- d-----w- C:\Users\Barbara\AppData\Roaming\TYt37UiQYPF8
2011-11-08 22:29:52 -------- d-----w- C:\Users\Barbara\AppData\Roaming\glNvpWXOiHTxaq0
2011-11-08 22:28:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\rgjeVONxu2Dnas7
2011-11-08 22:27:57 -------- d-----w- C:\Users\Barbara\AppData\Roaming\OGemIHNK0LuE0
2011-11-08 22:26:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\CXN37wuaglimLw0
2011-11-08 22:25:57 -------- d-----w- C:\Users\Barbara\AppData\Roaming\VGQd8ZXUl
2011-11-08 22:24:54 -------- d-----w- C:\Users\Barbara\AppData\Roaming\r27YBum8jP2JhI0
2011-11-08 22:23:57 -------- d-----w- C:\Users\Barbara\AppData\Roaming\RBmwDZc6IpXv7z
2011-11-08 22:22:53 -------- d-----w- C:\Users\Barbara\AppData\Roaming\fjYCekIrzt0ci
2011-11-08 22:21:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\xtD5gUNoQZCybJ9
2011-11-08 22:20:58 -------- d-----w- C:\Users\Barbara\AppData\Roaming\cWchF094BWvqat8
2011-11-08 22:19:58 -------- d-----w- C:\Users\Barbara\AppData\Roaming\lFVHemC2J
2011-11-08 22:18:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\YpmG5QJ6dKfLh
2011-11-08 22:17:58 -------- d-----w- C:\Users\Barbara\AppData\Roaming\VSvo4HW7d8ZYklt
2011-11-08 22:16:58 -------- d-----w- C:\Users\Barbara\AppData\Roaming\RA1uvS2ob3m5Q6W
2011-11-08 22:15:57 -------- d-----w- C:\Users\Barbara\AppData\Roaming\VLwxDsTry
2011-11-08 22:14:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\qzva9ridC0HZNDW
2011-11-08 22:13:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\zrzOAcibp4
2011-11-08 22:12:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\Je60Znld1XGP
2011-11-08 22:11:55 -------- d-----w- C:\Users\Barbara\AppData\Roaming\xHq2EOGT0HwidU1
2011-11-08 22:10:59 -------- d-----w- C:\Users\Barbara\AppData\Roaming\kP1oJLjB0pWXrAi
2011-11-08 22:08:14 -------- d-----w- C:\Windows\SysWow64\wD2obF4pm5Q6E8R
2011-11-08 22:08:13 -------- d-----w- C:\BxP0ycS1iDoFaHs
2011-11-08 22:08:09 -------- d-----w- C:\KqhYXwkUVlBz0c1
2011-11-08 22:08:05 -------- d-----w- C:\ztzPNycA1v2b4m5
2011-11-08 22:08:01 -------- d-----w- C:\jTXqjUCekBzNx0v
2011-11-08 22:06:59 -------- d-----w- C:\CxA0ucS2iDpGaHs
2011-11-08 22:05:56 -------- d-----w- C:\zaQH6sWK7E9Tq
2011-11-08 22:04:59 -------- d-----w- C:\bHHH55sWJ7dE8gZ
2011-11-08 22:04:55 -------- d-----w- C:\NZZ9hYYXwUVeIBz
2011-11-08 22:04:51 -------- d-----w- C:\OjUUCelIBzPNx1v
2011-11-08 22:04:47 -------- d-----w- C:\nK7fRL9gTqYeIrO
2011-11-08 22:04:43 -------- d-----w- C:\iONtxP0uc1
2011-11-08 22:04:39 -------- d-----w- C:\HmH5sWJ7dLgZhX
2011-11-08 22:04:35 -------- d-----w- C:\S8gRZ9hYXjVlB
2011-11-08 22:04:31 -------- d-----w- C:\NEK8fRZ9hXjClBz
2011-11-08 22:04:27 -------- d-----w- C:\fNyxA0uvSi
2011-11-08 22:04:24 -------- d-----w- C:\KWK7fEL9gZjCkVl
2011-11-08 22:04:20 -------- d-----w- C:\XVrrlOBtx0yc1v3
2011-11-07 22:54:46 438272 --sh--w- C:\Program Files (x86)\Common Files\nfxkj.exe
2011-11-07 22:54:20 438272 --sh--w- C:\Program Files (x86)\Common Files\chkcu.exe
2011-11-07 22:53:57 438272 --sh--w- C:\Program Files (x86)\Common Files\dnbsr.exe
2011-11-07 22:01:41 438272 --sh--w- C:\Program Files (x86)\Common Files\ubjd.exe
2011-11-07 22:01:02 438272 --sh--w- C:\Program Files (x86)\Common Files\cofje.exe
2011-11-07 22:00:05 438272 --sh--w- C:\Program Files (x86)\Common Files\rfrw.exe
2011-11-05 14:24:14 487424 --sha-w- C:\Windows\SysWow64\abucl.exe
2011-11-05 14:24:10 487424 --sha-w- C:\Windows\SysWow64\htcyw.exe
2011-11-05 14:24:03 487424 --sh--w- C:\Windows\SysWow64\nbvz.exe
2011-11-05 14:23:51 487424 --sh--w- C:\Windows\SysWow64\ysbn.exe
2011-11-05 14:23:47 487424 --sh--w- C:\Windows\SysWow64\clofy.exe
2011-11-05 14:23:29 487424 --sh--w- C:\Windows\SysWow64\llgc.exe
2011-11-05 14:23:19 487424 --sh--w- C:\Windows\SysWow64\tnjcy.exe
2011-11-05 14:23:07 487424 --sh--w- C:\Windows\SysWow64\ixulg.exe
2011-11-05 14:23:03 487424 --sh--w- C:\Windows\SysWow64\bqyg.exe
2011-11-05 14:22:47 487424 --sh--w- C:\Windows\SysWow64\jocn.exe
2011-11-05 14:22:46 487424 --sh--w- C:\Windows\SysWow64\fvjc.exe
2011-11-05 14:22:36 487424 --sh--w- C:\Windows\SysWow64\batgz.exe
2011-11-05 14:22:31 487424 --sh--w- C:\Windows\SysWow64\eqmbo.exe
2011-11-05 14:22:20 487424 --sh--w- C:\Windows\SysWow64\djsrv.exe
2011-11-05 14:22:09 487424 --sh--w- C:\Windows\SysWow64\xsbe.exe
2011-11-05 14:22:00 487424 --sh--w- C:\Windows\SysWow64\nzgu.exe
2011-11-05 14:21:53 487424 --sh--w- C:\Windows\SysWow64\rolz.exe
2011-11-05 14:21:31 487424 --sh--w- C:\Windows\SysWow64\suic.exe
2011-11-05 14:21:26 487424 --sh--w- C:\Windows\SysWow64\rrmv.exe
2011-11-05 14:21:08 487424 --sh--w- C:\Windows\SysWow64\wkmuz.exe
2011-11-05 14:20:58 487424 --sh--w- C:\Windows\SysWow64\wwop.exe
2011-11-05 14:20:40 487424 --sh--w- C:\Windows\SysWow64\hxzmy.exe
2011-11-05 14:20:33 487424 --sh--w- C:\Windows\SysWow64\cowj.exe
2011-11-05 14:20:30 487424 --sh--w- C:\Windows\SysWow64\wxyws.exe
2011-11-05 14:20:04 487424 --sh--w- C:\Windows\SysWow64\tmrww.exe
2011-11-05 14:19:47 487424 --sh--w- C:\Windows\SysWow64\ndxd.exe
2011-11-05 14:19:21 487424 --sh--w- C:\Windows\SysWow64\npfnm.exe
2011-11-05 14:19:07 487424 --sh--w- C:\Windows\SysWow64\vsel.exe
2011-11-05 14:18:49 487424 --sh--w- C:\Windows\SysWow64\cyruy.exe
2011-11-05 14:18:39 30 ----a-w- C:\Windows\SysWow64\del.tmp
2011-11-05 14:18:38 487424 --sh--w- C:\Windows\SysWow64\cvgw.exe
2011-11-04 14:32:29 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-11-04 14:05:55 -------- d-----we C:\Windows\system64
.
==================== Find3M ====================
.
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
.
============= FINISH: 11:20:35.89 ===============

Attached is the attached.txt file.


Don

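The listing above is where the remnants show: hidden+system executables of identical size dropped seconds apart into SysWow64 and Common Files, random-named folders at the drive root and in AppData\Roaming, a "system64" lookalike next to the real System32, and a folder literally named "%APPDATA%". The triage script below is an added example, not part of this thread or of DDS; it parses lines in the listing's format and flags those patterns. The attribute-flag layout (d=directory, s=system, h=hidden) is inferred from the listing, the random-name regex is a heuristic, and the sample lines are a subset copied from the listing plus one benign folder.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the DDS listing plus one benign user
# folder, in the shape "<date> <time> <size|--------> <flags> <path>".
SAMPLE_LOG = r"""
2011-11-08 22:08:13 -------- d-----w- C:\BxP0ycS1iDoFaHs
2011-11-08 22:08:09 -------- d-----w- C:\KqhYXwkUVlBz0c1
2011-11-08 22:08:05 -------- d-----w- C:\ztzPNycA1v2b4m5
2011-11-05 14:24:14 487424 --sha-w- C:\Windows\SysWow64\abucl.exe
2011-11-05 14:24:10 487424 --sha-w- C:\Windows\SysWow64\htcyw.exe
2011-11-05 14:24:03 487424 --sh--w- C:\Windows\SysWow64\nbvz.exe
2011-11-05 14:18:39 30 ----a-w- C:\Windows\SysWow64\del.tmp
2011-11-04 14:32:29 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-11-04 14:05:55 -------- d-----we C:\Windows\system64
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 22:00:00 -------- d-----w- C:\Users\Barbara\Documents
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
# Heuristic (assumption): 9-16 alphanumerics mixing upper, lower and digits,
# which is what a dropper's name generator produces and what users never type.
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{9,16}$")


def parse_dds_line(line):
    """Parse one listing line into a dict; returns None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, size, flags, path = m.groups()
    return {
        "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
        "size": None if size.startswith("-") else int(size),
        # Flag letters as DDS prints them (layout inferred from the listing,
        # an assumption): d=directory, s=system, h=hidden, a=archive, w=writable.
        "is_dir": "d" in flags,
        "hidden": "h" in flags,
        "system": "s" in flags,
        "path": path,
    }


def parse_dds_listing(text):
    return [e for e in (parse_dds_line(l) for l in text.splitlines()) if e]


def triage(entries, cluster_min=3):
    """Apply the triage rules; returns a list of (rule, detail) findings."""
    findings = []
    size_groups = defaultdict(list)
    for e in entries:
        path = e["path"]
        low = path.lower()
        parent, _, name = path.rpartition("\\")
        if e["is_dir"] and RANDOM_NAME.match(name):
            findings.append(("random-named directory", path))
        # Legitimate system binaries are never marked hidden+system by their installers.
        if (not e["is_dir"] and e["hidden"] and e["system"]
                and low.endswith((".exe", ".dll", ".sys"))):
            findings.append(("hidden+system executable", path))
        # Windows has System32 and SysWow64 on x64; "system64" exists only to look right.
        if low == r"c:\windows\system64":
            findings.append(("lookalike of a real system directory", path))
        # A literal %APPDATA% folder means a dropper wrote a path without expanding it.
        if name.startswith("%") and name.endswith("%"):
            findings.append(("unexpanded environment variable as a name", path))
        if not e["is_dir"] and e["size"] is not None:
            size_groups[(parent.lower(), e["size"])].append(path)
    # Several files of exactly the same size in one directory: one payload, many copies.
    for (parent, size), paths in sorted(size_groups.items()):
        if len(paths) >= cluster_min:
            findings.append(("same-size cluster",
                             f"{len(paths)} files of {size} bytes in {parent}"))
    # Directories created within a minute of each other come from a loop, not a user.
    dir_times = sorted(e["time"] for e in entries if e["is_dir"])
    for i in range(len(dir_times) - cluster_min + 1):
        if (dir_times[i + cluster_min - 1] - dir_times[i]).total_seconds() <= 60:
            findings.append(("directory creation burst",
                             f"{cluster_min}+ directories created within 60 s of {dir_times[i]}"))
            break
    return findings


def triage_text(text):
    return triage(parse_dds_listing(text))


def rule_counts(findings):
    """Count findings per rule, for a quick summary of a long listing."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, detail in triage_text(SAMPLE_LOG):
        print(f"{rule:42} {detail}")
```

Feed it the whole "Created" section of a DDS log and look at the clusters and bursts first; single hits on the name heuristic can be false positives, while a same-size cluster of hidden+system executables almost never is.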



#5 HelpBot
Posted 22 November 2011 - 02:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428294 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 Orange Blossom
Posted 22 November 2011 - 02:23 PM

Moderator note: Current logs were posted about an hour before HelpBot's reply. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 fireman4it
Posted 22 November 2011 - 03:22 PM

Hello Don K K,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 fireman4it
Posted 26 November 2011 - 12:15 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#9 Don K K
Posted 26 November 2011 - 01:27 PM

fireman4it, I am still here. I had been out of town for Thanksgiving, but am back now, and looking forward to finishing this. Thank you in advance for your time and efforts. I have 2 tdss files, one from the first time I worked on her computer fighting System Restore (TDSSKiller did find a file), and a log from Wednesday, when I did the last run. Also attached is the combofix.txt log, which took some time to produce. I started the program Wednesday before leaving to go out of town, and when I returned Friday night, the computer was locked and I could not get a screen back. I turned off the computer and rebooted, and combofix began producing a report. Some time Saturday morning the program finished, which means it took 8-10 hours to complete (the computer may have hibernated during some of that time), but the log appeared on the screen and I am pasting it below.
Now that ComboFix is finished, Windows Firewall is back on, but Microsoft Security Essentials does not appear to be installed anymore. We still have garbage folders in the C:\ directory, and the start menu has some missing program entries (the folders are still there but they show "empty" where the shortcut to the executable should be). The computer is not connected to the internet so I have not tried to use Firefox or IE to test for popups. Here are the files you requested:

14:21:19.0128 3056 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
14:21:19.0752 3056 ============================================================
14:21:19.0752 3056 Current date / time: 2011/11/07 14:21:19.0752
14:21:19.0752 3056 SystemInfo:
14:21:19.0752 3056
14:21:19.0752 3056 OS Version: 6.0.6002 ServicePack: 2.0
14:21:19.0752 3056 Product type: Workstation
14:21:19.0752 3056 ComputerName: GLOVER-VISTA
14:21:19.0752 3056 UserName: Barbara
14:21:19.0752 3056 Windows directory: C:\Windows
14:21:19.0752 3056 System windows directory: C:\Windows
14:21:19.0752 3056 Running under WOW64
14:21:19.0752 3056 Processor architecture: Intel x64
14:21:19.0752 3056 Number of processors: 4
14:21:19.0752 3056 Page size: 0x1000
14:21:19.0752 3056 Boot type: Safe boot with network
14:21:19.0752 3056 ============================================================
14:21:23.0824 3056 Initialize success
14:21:28.0816 2356 ============================================================
14:21:28.0816 2356 Scan started
14:21:28.0816 2356 Mode: Manual;
14:21:28.0816 2356 ============================================================
14:21:53.0246 2356 nfrd960 - ok
14:21:53.0339 2356 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:21:53.0339 2356 NisDrv - ok
14:21:53.0448 2356 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
14:21:53.0480 2356 Npfs - ok
14:21:53.0589 2356 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:21:53.0604 2356 nsiproxy - ok
14:21:53.0823 2356 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
14:21:53.0948 2356 Ntfs - ok
14:21:54.0041 2356 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:21:54.0041 2356 Null - ok
14:21:54.0119 2356 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:21:54.0135 2356 nvraid - ok
14:21:54.0228 2356 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:21:54.0244 2356 nvstor - ok
14:21:54.0306 2356 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:21:54.0338 2356 nv_agp - ok
14:21:54.0384 2356 NwlnkFlt - ok
14:21:54.0447 2356 NwlnkFwd - ok
14:21:54.0540 2356 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
14:21:54.0556 2356 ohci1394 - ok
14:21:54.0712 2356 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
14:21:54.0774 2356 Parport - ok
14:21:54.0946 2356 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
14:21:54.0962 2356 partmgr - ok
14:21:55.0024 2356 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
14:21:55.0024 2356 pci - ok
14:21:55.0086 2356 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
14:21:55.0086 2356 pciide - ok
14:21:55.0196 2356 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:21:55.0211 2356 pcmcia - ok
14:21:55.0430 2356 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:21:55.0476 2356 PEAUTH - ok
14:21:55.0632 2356 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
14:21:55.0632 2356 PptpMiniport - ok
14:21:55.0664 2356 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
14:21:55.0695 2356 Processor - ok
14:21:55.0820 2356 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
14:21:55.0835 2356 PSched - ok
14:21:56.0007 2356 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:21:56.0241 2356 ql2300 - ok
14:21:56.0350 2356 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:21:56.0366 2356 ql40xx - ok
14:21:56.0459 2356 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:21:56.0475 2356 QWAVEdrv - ok
14:21:56.0553 2356 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:21:56.0553 2356 RasAcd - ok
14:21:56.0693 2356 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:21:56.0709 2356 Rasl2tp - ok
14:21:56.0771 2356 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
14:21:56.0771 2356 RasPppoe - ok
14:21:56.0974 2356 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
14:21:56.0990 2356 RasSstp - ok
14:21:57.0161 2356 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
14:21:57.0177 2356 rdbss - ok
14:21:57.0270 2356 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:21:57.0286 2356 RDPCDD - ok
14:21:57.0364 2356 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
14:21:57.0380 2356 rdpdr - ok
14:21:57.0458 2356 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
14:21:57.0473 2356 RDPENCDD - ok
14:21:57.0536 2356 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
14:21:57.0551 2356 RDPWD - ok
14:21:57.0754 2356 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
14:21:57.0770 2356 rspndr - ok
14:21:57.0972 2356 RTHDMIAzAudService (f8da8fc39ce5859c0d8c0fe6524ce465) C:\Windows\system32\drivers\RtHDMIVX.sys
14:21:58.0004 2356 RTHDMIAzAudService - ok
14:21:58.0113 2356 RTSTOR (b6b74a05f4da0231d5d275568a104f89) C:\Windows\system32\drivers\RTSTOR64.SYS
14:21:58.0113 2356 RTSTOR - ok
14:21:58.0238 2356 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
14:21:58.0253 2356 sbp2port - ok
14:21:58.0300 2356 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:21:58.0316 2356 secdrv - ok
14:21:58.0394 2356 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
14:21:58.0394 2356 Serenum - ok
14:21:58.0472 2356 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
14:21:58.0503 2356 Serial - ok
14:21:58.0550 2356 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
14:21:58.0565 2356 sermouse - ok
14:21:58.0612 2356 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
14:21:58.0612 2356 sffdisk - ok
14:21:58.0674 2356 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
14:21:58.0674 2356 sffp_mmc - ok
14:21:58.0799 2356 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
14:21:58.0830 2356 sffp_sd - ok
14:21:58.0908 2356 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
14:21:58.0924 2356 sfloppy - ok
14:21:59.0018 2356 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
14:21:59.0018 2356 SiSRaid2 - ok
14:21:59.0080 2356 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
14:21:59.0096 2356 SiSRaid4 - ok
14:21:59.0236 2356 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
14:21:59.0252 2356 Smb - ok
14:21:59.0361 2356 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
14:21:59.0361 2356 spldr - ok
14:21:59.0501 2356 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
14:21:59.0548 2356 srv - ok
14:21:59.0642 2356 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
14:21:59.0657 2356 srv2 - ok
14:21:59.0735 2356 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
14:21:59.0751 2356 srvnet - ok
14:21:59.0891 2356 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
14:21:59.0922 2356 swenum - ok
14:21:59.0985 2356 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
14:22:00.0000 2356 Symc8xx - ok
14:22:00.0078 2356 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
14:22:00.0094 2356 Sym_hi - ok
14:22:00.0188 2356 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
14:22:00.0203 2356 Sym_u3 - ok
14:22:00.0468 2356 Tcpip (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\drivers\tcpip.sys
14:22:00.0562 2356 Tcpip - ok
14:22:00.0702 2356 Tcpip6 (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\DRIVERS\tcpip.sys
14:22:00.0702 2356 Tcpip6 - ok
14:22:00.0780 2356 tcpipreg (2aa1b7ebc271e995f3358c1fa7a1d35b) C:\Windows\system32\drivers\tcpipreg.sys
14:22:00.0796 2356 tcpipreg - ok
14:22:00.0905 2356 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
14:22:00.0936 2356 TDPIPE - ok
14:22:01.0092 2356 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
14:22:01.0108 2356 TDTCP - ok
14:22:01.0280 2356 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
14:22:01.0295 2356 tdx - ok
14:22:01.0373 2356 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
14:22:01.0389 2356 TermDD - ok
14:22:01.0545 2356 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:01.0560 2356 tssecsrv - ok
14:22:01.0685 2356 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
14:22:01.0685 2356 tunmp - ok
14:22:01.0810 2356 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
14:22:01.0826 2356 tunnel - ok
14:22:01.0919 2356 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
14:22:01.0935 2356 uagp35 - ok
14:22:02.0060 2356 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
14:22:02.0091 2356 udfs - ok
14:22:02.0216 2356 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:22:02.0216 2356 uliagpkx - ok
14:22:02.0325 2356 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:22:02.0356 2356 uliahci - ok
14:22:02.0418 2356 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:22:02.0450 2356 UlSata - ok
14:22:02.0559 2356 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:22:02.0574 2356 ulsata2 - ok
14:22:02.0668 2356 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:22:02.0668 2356 umbus - ok
14:22:02.0824 2356 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
14:22:02.0840 2356 usbccgp - ok
14:22:02.0933 2356 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:22:02.0933 2356 usbcir - ok
14:22:03.0058 2356 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
14:22:03.0074 2356 usbehci - ok
14:22:03.0152 2356 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
14:22:03.0167 2356 usbhub - ok
14:22:03.0261 2356 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
14:22:03.0276 2356 usbohci - ok
14:22:03.0354 2356 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:22:03.0370 2356 usbprint - ok
14:22:03.0464 2356 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:22:03.0464 2356 usbscan - ok
14:22:03.0573 2356 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:03.0573 2356 USBSTOR - ok
14:22:03.0682 2356 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
14:22:03.0713 2356 usbuhci - ok
14:22:03.0776 2356 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:22:03.0807 2356 vga - ok
14:22:03.0900 2356 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:22:03.0916 2356 VgaSave - ok
14:22:04.0025 2356 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:22:04.0041 2356 viaide - ok
14:22:04.0181 2356 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
14:22:04.0197 2356 volmgr - ok
14:22:04.0290 2356 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
14:22:04.0337 2356 volmgrx - ok
14:22:04.0462 2356 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
14:22:04.0493 2356 volsnap - ok
14:22:04.0587 2356 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:22:04.0602 2356 vsmraid - ok
14:22:04.0727 2356 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:22:04.0743 2356 WacomPen - ok
14:22:04.0836 2356 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:04.0836 2356 Wanarp - ok
14:22:04.0852 2356 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:04.0852 2356 Wanarpv6 - ok
14:22:04.0946 2356 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:22:04.0946 2356 Wd - ok
14:22:05.0180 2356 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:22:05.0226 2356 Wdf01000 - ok
14:22:05.0398 2356 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
14:22:05.0398 2356 WmiAcpi - ok
14:22:05.0507 2356 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:22:05.0507 2356 ws2ifsl - ok
14:22:05.0663 2356 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:22:05.0679 2356 WUDFRd - ok
14:22:06.0006 2356 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys
14:22:06.0022 2356 yukonx64 - ok
14:22:06.0038 2356 MBR (0x1B8) (7557511a3531e58059c29908427f69a5) \Device\Harddisk0\DR0
14:22:06.0038 2356 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:22:06.0038 2356 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
14:22:06.0069 2356 Boot (0x1200) (4095eb59d8b26087687d26edc79b90c5) \Device\Harddisk0\DR0\Partition0
14:22:06.0084 2356 \Device\Harddisk0\DR0\Partition0 - ok
14:22:06.0084 2356 ============================================================
14:22:06.0084 2356 Scan finished
14:22:06.0084 2356 ============================================================
14:22:06.0116 1284 Detected object count: 1
14:22:06.0116 1284 Actual detected object count: 1
14:22:18.0018 1284 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
14:22:18.0034 1284 \Device\Harddisk0\DR0 - ok
14:22:18.0034 1284 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
14:23:02.0900 1640 Deinitialize success

10:15:57.0782 4732 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
10:15:57.0813 4732 ============================================================
10:15:57.0814 4732 Current date / time: 2011/11/23 10:15:57.0813
10:15:57.0814 4732 SystemInfo:
10:15:57.0814 4732
10:15:57.0814 4732 OS Version: 6.0.6002 ServicePack: 2.0
10:15:57.0814 4732 Product type: Workstation
10:15:57.0814 4732 ComputerName: GLOVER-VISTA
10:15:57.0814 4732 UserName: Barbara
10:15:57.0814 4732 Windows directory: C:\Windows
10:15:57.0814 4732 System windows directory: C:\Windows
10:15:57.0814 4732 Running under WOW64
10:15:57.0814 4732 Processor architecture: Intel x64
10:15:57.0814 4732 Number of processors: 4
10:15:57.0814 4732 Page size: 0x1000
10:15:57.0814 4732 Boot type: Normal boot
10:15:57.0814 4732 ============================================================
10:15:59.0132 4732 Initialize success
10:16:01.0662 2640 ============================================================
10:16:01.0662 2640 Scan started
10:16:01.0662 2640 Mode: Manual;
10:16:01.0662 2640 ============================================================
10:16:07.0008 2640 pci - ok
10:16:07.0033 2640 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
10:16:07.0034 2640 pciide - ok
10:16:07.0044 2640 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:16:07.0048 2640 pcmcia - ok
10:16:07.0072 2640 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:16:07.0089 2640 PEAUTH - ok
10:16:07.0140 2640 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:16:07.0142 2640 PptpMiniport - ok
10:16:07.0156 2640 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
10:16:07.0157 2640 Processor - ok
10:16:07.0188 2640 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:16:07.0190 2640 PSched - ok
10:16:07.0221 2640 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:16:07.0247 2640 ql2300 - ok
10:16:07.0267 2640 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:16:07.0269 2640 ql40xx - ok
10:16:07.0288 2640 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:16:07.0289 2640 QWAVEdrv - ok
10:16:07.0306 2640 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:16:07.0306 2640 RasAcd - ok
10:16:07.0327 2640 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:16:07.0328 2640 Rasl2tp - ok
10:16:07.0345 2640 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:16:07.0346 2640 RasPppoe - ok
10:16:07.0362 2640 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:16:07.0364 2640 RasSstp - ok
10:16:07.0392 2640 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:16:07.0396 2640 rdbss - ok
10:16:07.0410 2640 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:16:07.0410 2640 RDPCDD - ok
10:16:07.0425 2640 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:16:07.0430 2640 rdpdr - ok
10:16:07.0438 2640 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:16:07.0438 2640 RDPENCDD - ok
10:16:07.0463 2640 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
10:16:07.0468 2640 RDPWD - ok
10:16:07.0525 2640 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:16:07.0527 2640 rspndr - ok
10:16:07.0566 2640 RTHDMIAzAudService (f8da8fc39ce5859c0d8c0fe6524ce465) C:\Windows\system32\drivers\RtHDMIVX.sys
10:16:07.0567 2640 RTHDMIAzAudService - ok
10:16:07.0605 2640 RTSTOR (b6b74a05f4da0231d5d275568a104f89) C:\Windows\system32\drivers\RTSTOR64.SYS
10:16:07.0606 2640 RTSTOR - ok
10:16:07.0642 2640 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:16:07.0666 2640 sbp2port - ok
10:16:07.0694 2640 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:16:07.0695 2640 secdrv - ok
10:16:07.0712 2640 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
10:16:07.0713 2640 Serenum - ok
10:16:07.0737 2640 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
10:16:07.0739 2640 Serial - ok
10:16:07.0755 2640 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:16:07.0756 2640 sermouse - ok
10:16:07.0785 2640 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:16:07.0786 2640 sffdisk - ok
10:16:07.0795 2640 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:16:07.0796 2640 sffp_mmc - ok
10:16:07.0805 2640 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:16:07.0806 2640 sffp_sd - ok
10:16:07.0831 2640 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
10:16:07.0833 2640 sfloppy - ok
10:16:07.0852 2640 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:16:07.0853 2640 SiSRaid2 - ok
10:16:07.0863 2640 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:16:07.0864 2640 SiSRaid4 - ok
10:16:07.0894 2640 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:16:07.0903 2640 Smb - ok
10:16:07.0939 2640 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:16:07.0940 2640 spldr - ok
10:16:07.0971 2640 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:16:07.0978 2640 srv - ok
10:16:08.0006 2640 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:16:08.0008 2640 srv2 - ok
10:16:08.0043 2640 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:16:08.0047 2640 srvnet - ok
10:16:08.0094 2640 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:16:08.0095 2640 swenum - ok
10:16:08.0106 2640 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:16:08.0107 2640 Symc8xx - ok
10:16:08.0116 2640 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:16:08.0118 2640 Sym_hi - ok
10:16:08.0136 2640 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:16:08.0138 2640 Sym_u3 - ok
10:16:08.0195 2640 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
10:16:08.0228 2640 Tcpip - ok
10:16:08.0253 2640 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
10:16:08.0264 2640 Tcpip6 - ok
10:16:08.0462 2640 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
10:16:08.0463 2640 tcpipreg - ok
10:16:08.0473 2640 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:16:08.0474 2640 TDPIPE - ok
10:16:08.0484 2640 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:16:08.0485 2640 TDTCP - ok
10:16:08.0510 2640 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:16:08.0512 2640 tdx - ok
10:16:08.0546 2640 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:16:08.0547 2640 TermDD - ok
10:16:08.0584 2640 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:16:08.0585 2640 tssecsrv - ok
10:16:08.0610 2640 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:16:08.0611 2640 tunmp - ok
10:16:08.0647 2640 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:16:08.0648 2640 tunnel - ok
10:16:08.0663 2640 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:16:08.0665 2640 uagp35 - ok
10:16:08.0690 2640 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:16:08.0695 2640 udfs - ok
10:16:08.0718 2640 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:16:08.0720 2640 uliagpkx - ok
10:16:08.0732 2640 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:16:08.0736 2640 uliahci - ok
10:16:08.0746 2640 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:16:08.0749 2640 UlSata - ok
10:16:08.0766 2640 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:16:08.0769 2640 ulsata2 - ok
10:16:08.0784 2640 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:16:08.0786 2640 umbus - ok
10:16:08.0828 2640 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:16:08.0830 2640 usbccgp - ok
10:16:08.0839 2640 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:16:08.0841 2640 usbcir - ok
10:16:08.0902 2640 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:16:08.0903 2640 usbehci - ok
10:16:08.0915 2640 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:16:08.0919 2640 usbhub - ok
10:16:08.0950 2640 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
10:16:08.0951 2640 usbohci - ok
10:16:08.0988 2640 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:16:08.0989 2640 usbprint - ok
10:16:09.0000 2640 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:16:09.0002 2640 usbscan - ok
10:16:09.0014 2640 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:16:09.0015 2640 USBSTOR - ok
10:16:09.0023 2640 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:16:09.0024 2640 usbuhci - ok
10:16:09.0047 2640 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:16:09.0049 2640 vga - ok
10:16:09.0061 2640 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:16:09.0061 2640 VgaSave - ok
10:16:09.0069 2640 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:16:09.0071 2640 viaide - ok
10:16:09.0104 2640 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:16:09.0106 2640 volmgr - ok
10:16:09.0134 2640 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:16:09.0148 2640 volmgrx - ok
10:16:09.0174 2640 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:16:09.0179 2640 volsnap - ok
10:16:09.0189 2640 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:16:09.0191 2640 vsmraid - ok
10:16:09.0208 2640 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:16:09.0210 2640 WacomPen - ok
10:16:09.0239 2640 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:16:09.0241 2640 Wanarp - ok
10:16:09.0245 2640 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:16:09.0246 2640 Wanarpv6 - ok
10:16:09.0267 2640 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:16:09.0268 2640 Wd - ok
10:16:09.0293 2640 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:16:09.0305 2640 Wdf01000 - ok
10:16:09.0355 2640 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
10:16:09.0357 2640 WmiAcpi - ok
10:16:09.0387 2640 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:16:09.0388 2640 ws2ifsl - ok
10:16:09.0417 2640 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:16:09.0419 2640 WUDFRd - ok
10:16:09.0479 2640 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys
10:16:09.0484 2640 yukonx64 - ok
10:16:09.0501 2640 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0
10:16:10.0318 2640 \Device\Harddisk0\DR0 - ok
10:16:10.0328 2640 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk5\DR6
10:16:10.0336 2640 \Device\Harddisk5\DR6 - ok
10:16:10.0397 2640 Boot (0x1200) (4095eb59d8b26087687d26edc79b90c5) \Device\Harddisk0\DR0\Partition0
10:16:10.0434 2640 \Device\Harddisk0\DR0\Partition0 - ok
10:16:10.0440 2640 Boot (0x1200) (d0cbb73b19ea2a10017ae165578a0faa) \Device\Harddisk5\DR6\Partition0
10:16:10.0441 2640 \Device\Harddisk5\DR6\Partition0 - ok
10:16:10.0441 2640 ============================================================
10:16:10.0441 2640 Scan finished
10:16:10.0441 2640 ============================================================
10:16:10.0453 1204 Detected object count: 0
10:16:10.0453 1204 Actual detected object count: 0
10:16:35.0971 1896 Deinitialize success

ComboFix 11-11-23.01 - Barbara 11/23/2011 10:30:33.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2127 [GMT -6:00]
Running from: i:\utilities\Malware\ComboFix\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GuffinsEI
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\8FB1.tmp
C:\Skype
c:\skype\{B6EEB4F4-181D-49E8-B669-B39C258B6808}\6EF12556D0B44CDBA671B6CDFF6843AE.dat
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{0da945b8-2052-4cbf-8ded-daeece96dc92}
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{0da945b8-2052-4cbf-8ded-daeece96dc92}\chrome.manifest
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{0da945b8-2052-4cbf-8ded-daeece96dc92}\chrome\xulcache.jar
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{0da945b8-2052-4cbf-8ded-daeece96dc92}\defaults\preferences\xulcache.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{0da945b8-2052-4cbf-8ded-daeece96dc92}\install.rdf
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{32ba886d-1e72-4a1e-9bea-17df3b819506}
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{32ba886d-1e72-4a1e-9bea-17df3b819506}\chrome.manifest
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{32ba886d-1e72-4a1e-9bea-17df3b819506}\chrome\xulcache.jar
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{32ba886d-1e72-4a1e-9bea-17df3b819506}\defaults\preferences\xulcache.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{32ba886d-1e72-4a1e-9bea-17df3b819506}\install.rdf
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{bb4116ec-b022-4f48-87eb-fa03374e1d64}
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{bb4116ec-b022-4f48-87eb-fa03374e1d64}\chrome.manifest
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{bb4116ec-b022-4f48-87eb-fa03374e1d64}\chrome\xulcache.jar
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{bb4116ec-b022-4f48-87eb-fa03374e1d64}\defaults\preferences\xulcache.js
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\extensions\{bb4116ec-b022-4f48-87eb-fa03374e1d64}\install.rdf
c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\searchplugins\bing-zugo.xml
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeup.dll
c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.dll
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftup.dll
c:\windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempup.dll
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-23 17:26 . 2011-11-26 03:26 -------- d-----w- c:\users\Barbara\AppData\Local\temp
2011-11-23 17:26 . 2011-11-23 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 22:30 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-11-18 08:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A433891-811A-411C-AEC5-F1957AB2D211}\mpengine.dll
2011-11-17 18:42 . 2011-11-23 00:15 -------- d-----w- c:\users\Barbara\AppData\Roaming\Gbridge
2011-11-17 18:40 . 2011-11-17 18:40 -------- d-----w- c:\program files (x86)\Gbridge LLC
2011-11-17 18:03 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E96556AF-A791-4BCD-AF52-CB57294A34BE}\mpengine.dll
2011-11-17 16:31 . 2011-11-17 16:31 111408 ----a-w- c:\windows\system32\drivers\88671586.sys
2011-11-15 19:49 . 2011-11-15 19:49 -------- d-----w- C:\$AVG
2011-11-10 21:13 . 2011-11-10 22:07 -------- d-----w- c:\windows\system32\MpEngineStore
2011-11-09 21:11 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:11 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 21:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 21:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 21:11 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:11 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 21:11 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 17:49 . 2011-11-09 17:49 -------- d-----w- C:\Windows Desktop Search
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\jONtxAucSiDpGaH
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\wVelIBtzPyAuD
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\x1uvD2obFpGsJdK
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\uuvS2ibFpGaHdKf
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\uuvS2ibF3n5Q6W7
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\mbD3pnG4aHs7E
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\LnG5aQ6dW79TqYe
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\CYCkVrlBx01nas8
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\qOuFGQKRg
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\phwVOzy1Dnp5JEg
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\NEl37wyaRO27hI
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\VghwVOzy1Dnp
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\SdRhwVOzy1
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\J4W9YOuDa
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\UGj2ExHki7VngB2
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\pUltcu2Fms6K
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\zGQs7LTjwV
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\kimLwzDsRVz1bs8
2011-11-09 13:38 . 2011-11-09 13:38 -------- d-----w- c:\users\Barbara\AppData\Roaming\QwUVelIBtzNcAuD
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\cwzD5fBuFaKhCz0
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\SlvsqlA4dYtvpJf
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\D7hI1pEex2m6Rq
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\cYtvpJfXlNv3Q8T
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\clvsqlA4dYtvpJf
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\VNiQLCtDJC04
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\aYNiQLCtDJC04Ek
2011-11-09 12:58 . 2011-11-09 13:11 -------- d-----w- c:\programdata\WindowsSearch
2011-11-09 12:43 . 2011-11-09 12:43 -------- d-----w- c:\users\Barbara\AppData\Roaming\XDpEXtvG8jNoQLe
2011-11-09 12:43 . 2011-11-09 12:43 -------- d-----w- c:\users\Barbara\AppData\Roaming\zgqjCIVASip4Q
2011-11-09 12:43 . 2011-11-09 12:43 -------- d-----w- c:\users\Barbara\AppData\Roaming\GQ6dKRL9gXYeIrN
2011-11-09 12:43 . 2011-11-09 12:43 -------- d-----w- c:\users\Barbara\AppData\Roaming\GnG5aQH6dKfLgqC
2011-11-09 04:20 . 2011-11-09 04:20 -------- d-----w- C:\YUVrlOOBtPyc1
2011-11-09 04:19 . 2011-11-09 04:19 -------- d-----w- C:\XonnFF4amHsJ7E8
2011-11-09 04:18 . 2011-11-09 04:18 -------- d-----w- C:\YpnnGG5aQH6dK7R
2011-11-09 04:17 . 2011-11-09 04:17 -------- d-----w- C:\FmGG55s6dEKfR9T
2011-11-09 04:16 . 2011-11-09 04:16 -------- d-----w- C:\s999gTTXqjCekVr
2011-11-09 04:15 . 2011-11-09 04:15 -------- d-----w- C:\RA11uuvS2obFpm5
2011-11-09 04:14 . 2011-11-09 04:14 -------- d-----w- C:\yHH5sQQJ7dE
2011-11-09 04:13 . 2011-11-09 04:13 -------- d-----w- C:\owwjjUVeeIBtzNc
2011-11-09 04:12 . 2011-11-09 04:12 -------- d-----w- C:\UZZqqhYYXwUVeOB
2011-11-09 04:11 . 2011-11-09 04:11 -------- d-----w- C:\lvvD33onF4am
2011-11-09 04:10 . 2011-11-09 04:10 -------- d-----w- C:\R99ggTZqjYCwIr
2011-11-09 04:09 . 2011-11-09 04:09 -------- d-----w- C:\ncAA1iivD2oF4pH
2011-11-09 04:08 . 2011-11-09 04:08 -------- d-----w- C:\t111ivvD3o
2011-11-09 04:07 . 2011-11-09 04:07 -------- d-----w- C:\WKKK7ffEL9gTqjC
2011-11-09 04:06 . 2011-11-09 04:06 -------- d-----w- C:\VoobbF44pm5sQ6E
2011-11-09 04:05 . 2011-11-09 04:05 -------- d-----w- C:\QXwwkUVelOBtPy
2011-11-09 04:04 . 2011-11-09 04:04 -------- d-----w- C:\G666sWWK7fE9gZq
2011-11-09 04:03 . 2011-11-09 04:03 -------- d-----w- C:\y5ssQQJ7dEK8RZh
2011-11-09 04:02 . 2011-11-09 04:02 -------- d-----w- C:\mpppmGG5sQJ6E
2011-11-09 04:01 . 2011-11-09 04:01 -------- d-----w- C:\ETTXXwjUCelIrzN
2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- C:\I66ddEKK8fZ9hXj
2011-11-09 03:59 . 2011-11-09 03:59 -------- d-----w- C:\hGG5aQQH6dKfR9T
2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- C:\IjjjUCellIrz
2011-11-09 03:57 . 2011-11-09 03:57 -------- d-----w- C:\hddEEK8fRZ9hXjI
2011-11-09 03:56 . 2011-11-09 03:56 -------- d-----w- C:\VDD3ppnG4aH6
2011-11-09 03:55 . 2011-11-09 03:55 -------- d-----w- C:\NqjYCekIVzNx0c2
2011-11-09 03:54 . 2011-11-09 03:54 -------- d-----w- C:\x88ffZZ9hTwjUeI
2011-11-09 03:53 . 2011-11-09 03:53 -------- d-----w- C:\S4pmH5sQJdKgZhX
2011-11-09 03:52 . 2011-11-09 03:52 -------- d-----w- C:\uG4aQH6sW7E9TqY
2011-11-09 03:51 . 2011-11-09 03:51 -------- d-----w- C:\jjUCelIBrPyAuSo
2011-11-09 03:50 . 2011-11-09 03:50 -------- d-----w- C:\IqhYXwkUV
2011-11-09 03:49 . 2011-11-09 03:49 -------- d-----w- C:\DQQQJ66dEK8fZ9T
2011-11-09 03:48 . 2011-11-09 03:48 -------- d-----w- C:\w2ibD3pnGaHsKfL
2011-11-09 03:47 . 2011-11-09 03:47 -------- d-----w- C:\XQJJ7dEK8RZ9YwU
2011-11-09 03:46 . 2011-11-09 03:46 -------- d-----w- C:\ktxPP0uc1ibDoG
2011-11-09 03:45 . 2011-11-09 03:45 -------- d-----w- C:\I1iivD2oF
2011-11-09 03:44 . 2011-11-09 03:44 -------- d-----w- C:\WZZZqjYCwkIrlNt
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\gFFF3pmmG5aJ6WK
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\eGGG55aQJ6dW8fL
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\KvDD2oobFpmGsQ6
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\NdEK88gRZhX
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\xffEEL8gTZqYCkV
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\eiibD33pn4aQ6sK
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\h222ibbF3
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\mjYYCekIVz
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\cyyxxA00uv2iFpn
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\F66ddWKK8RL9Tqj
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\zllIIBtzPNyAuDo
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\OLLLggTXqj
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\uyyyccA1uvD2bFp
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\YttzzPNyyc
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\PIIIBttzPNyc1uD
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\GeellIBBrzNyx1v
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\ZUUCeelIBrzP
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\CEEKK8ffRZ9TXjU
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\jdddEKK8fRZ9T
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\RppmmG5ssQ6dE8R
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\vRRRL99gTXqjCeI
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\sKK77fRRL9g
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\PHHH6ssWK7fE9gZ
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\f3ppnnG4aQH6s
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\IDD33pnGG
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\Z4aaQQH6s
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\fCCeekIIVrzNtA0
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\hKK77fRRL9TX
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\qKK77fEE9
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\SbbDD3ppnGaQH
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\G9ggTTXqjY
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\qrzzOONxxAuvSib
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\lhhhTXXqj
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\oppmmG5aaJ6
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\ZNNNyxxA1S2o3mG
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\nKK88fRLL9TXqUe
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\LWWWKK8fRL9
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\PvvvSS2obF3pG5
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\fPPNNxx1uvS2bFp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 13:56 . 2011-10-12 18:38 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-13 08:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 08:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 08:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 08:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2010-01-23 14:54 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a}"= "c:\program files (x86)\The_G.E.T.Team\prxtbThe_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 68856]
"Gbridge"="c:\program files (x86)\Gbridge LLC\Gbridge\pstartw.exe" [2010-06-10 90912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-17 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"iWinArcade Update"="c:\windows\system32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeup.dll" [2011-11-10 139264]
"Macromedia Update"="c:\windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempup.dll" [2011-11-10 139264]
"Yahoo Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.dll" [2011-11-10 139264]
"Hewlett-Packard Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftup.dll" [2011-11-10 139264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-06-24 240288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 uvnc_service_gs;uvnc_service_gs;c:\program files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 22:11]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"combofix"="c:\combofix\CF26377.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=dx4200-09
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2731364&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110717&user_guid=8CCA86D2FF474E228D4106C56AC367FF&machine_id=7baf4a46cf682d3766e2b5e0ac5aed8b&browser=FF&os=win&os_version=6.0-x64-SP2
FF - prefs.js: keyword.URL - hxxp://lf.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110717&user_guid=8CCA86D2FF474E228D4106C56AC367FF&machine_id=7baf4a46cf682d3766e2b5e0ac5aed8b&browser=FF&os=win&os_version=6.0-x64-SP2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Smart Copy - c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
Wow6432Node-HKU-Default-Run-KeApplet - \Windows Desktop Search\{4E4591C1-9ED7-4D2A-BD42-04C851494EF9}\LicenseValidator.exe
Wow6432Node-HKU-Default-RunOnce-KeApplet - \Windows Desktop Search\{4E4591C1-9ED7-4D2A-BD42-04C851494EF9}\LicenseValidator.exe
WebBrowser-{3451F2EA-D4C2-494A-9D09-DC1D7BBCC60A} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-WT073554 - c:\program files (x86)\Gateway Games\G.H.O.S.T. Hunters
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,7f,1d,52,16,9b,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,47,2b,e6,d4,e7,40,8d,b4,38,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,47,2b,e6,d4,e7,40,8d,b4,38,\
.
[HKEY_USERS\S-1-5-21-1165403192-2655675231-1011383692-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,ed,c0,4f,20,d2,09,84,e6,77,78,bb,cb,34,0d,22,16,29,f9,b2,12,
e5,66,18,57,47,86,8a,81,bf,c2,74,3b,84,a3,0f,23,7a,28,e3,bc,c8,f2,ab,e2,3d,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\MHotKey.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ChiFuncExt.exe
c:\program files (x86)\Gbridge LLC\Gbridge\Gbridge.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
.
**************************************************************************
.
Completion time: 2011-11-26 07:33:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 13:32
.
Pre-Run: 524,094,681,088 bytes free
Post-Run: 522,835,435,520 bytes free
.
- - End Of File - - E2DD3C4ABF87C3D6149F372B35AE3141

Thanks again, and I hope you had a great Thanksgiving. Feel free to wait till next week to reply if you want to continue enjoying the weekend.

Don

#10 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 November 2011 - 03:05 PM

Hello,

Looks like the main infection is gone. Just a lot of leftovers. We will deal with those now.

1.
Please download and run unhide.exe


2.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder::
c:\users\Barbara\AppData\Roaming\jONtxAucSiDpGaH
c:\users\Barbara\AppData\Roaming\wVelIBtzPyAuD
c:\users\Barbara\AppData\Roaming\x1uvD2obFpGsJdK
c:\users\Barbara\AppData\Roaming\uuvS2ibFpGaHdKf
c:\users\Barbara\AppData\Roaming\uuvS2ibF3n5Q6W7
c:\users\Barbara\AppData\Roaming\mbD3pnG4aHs7E
c:\users\Barbara\AppData\Roaming\LnG5aQ6dW79TqYe
c:\users\Barbara\AppData\Roaming\CYCkVrlBx01nas8
c:\users\Barbara\AppData\Roaming\qOuFGQKRg
c:\users\Barbara\AppData\Roaming\phwVOzy1Dnp5JEg
c:\users\Barbara\AppData\Roaming\NEl37wyaRO27hI
c:\users\Barbara\AppData\Roaming\VghwVOzy1Dnp
c:\users\Barbara\AppData\Roaming\SdRhwVOzy1
c:\users\Barbara\AppData\Roaming\J4W9YOuDa
c:\users\Barbara\AppData\Roaming\UGj2ExHki7VngB2
c:\users\Barbara\AppData\Roaming\pUltcu2Fms6K
c:\users\Barbara\AppData\Roaming\zGQs7LTjwV
c:\users\Barbara\AppData\Roaming\kimLwzDsRVz1bs8
c:\users\Barbara\AppData\Roaming\QwUVelIBtzNcAuD
c:\users\Barbara\AppData\Roaming\cwzD5fBuFaKhCz0
c:\users\Barbara\AppData\Roaming\SlvsqlA4dYtvpJf
c:\users\Barbara\AppData\Roaming\D7hI1pEex2m6Rq
c:\users\Barbara\AppData\Roaming\cYtvpJfXlNv3Q8T
c:\users\Barbara\AppData\Roaming\clvsqlA4dYtvpJf
c:\users\Barbara\AppData\Roaming\VNiQLCtDJC04
c:\users\Barbara\AppData\Roaming\aYNiQLCtDJC04Ek
c:\users\Barbara\AppData\Roaming\XDpEXtvG8jNoQLe
c:\users\Barbara\AppData\Roaming\zgqjCIVASip4Q
c:\users\Barbara\AppData\Roaming\GQ6dKRL9gXYeIrN
c:\users\Barbara\AppData\Roaming\GnG5aQH6dKfLgqC
C:\YUVrlOOBtPyc1
C:\XonnFF4amHsJ7E8
C:\YpnnGG5aQH6dK7R
C:\FmGG55s6dEKfR9T
C:\s999gTTXqjCekVr
C:\RA11uuvS2obFpm5
C:\yHH5sQQJ7dE
C:\owwjjUVeeIBtzNc
C:\UZZqqhYYXwUVeOB
C:\lvvD33onF4am
C:\R99ggTZqjYCwIr
C:\ncAA1iivD2oF4pH
C:\t111ivvD3o
C:\WKKK7ffEL9gTqjC
C:\VoobbF44pm5sQ6E
C:\QXwwkUVelOBtPy
C:\G666sWWK7fE9gZq
C:\y5ssQQJ7dEK8RZh
C:\mpppmGG5sQJ6E
C:\ETTXXwjUCelIrzN
C:\I66ddEKK8fZ9hXj
C:\hGG5aQQH6dKfR9T
C:\IjjjUCellIrz
C:\hddEEK8fRZ9hXjI
C:\VDD3ppnG4aH6
C:\NqjYCekIVzNx0c2
C:\x88ffZZ9hTwjUeI
C:\S4pmH5sQJdKgZhX
C:\uG4aQH6sW7E9TqY
C:\jjUCelIBrPyAuSo
C:\IqhYXwkUV
C:\DQQQJ66dEK8fZ9T
C:\w2ibD3pnGaHsKfL
C:\XQJJ7dEK8RZ9YwU
C:\ktxPP0uc1ibDoG
C:\I1iivD2oF
C:\WZZZqjYCwkIrlNt
C:\gFFF3pmmG5aJ6WK
C:\eGGG55aQJ6dW8fL
C:\KvDD2oobFpmGsQ6
C:\NdEK88gRZhX
C:\xffEEL8gTZqYCkV
C:\eiibD33pn4aQ6sK
C:\h222ibbF3
C:\mjYYCekIVz
C:\cyyxxA00uv2iFpn
C:\F66ddWKK8RL9Tqj
C:\zllIIBtzPNyAuDo
C:\OLLLggTXqj
C:\uyyyccA1uvD2bFp
C:\YttzzPNyyc
C:\PIIIBttzPNyc1uD
C:\GeellIBBrzNyx1v
C:\ZUUCeelIBrzP
C:\CEEKK8ffRZ9TXjU
C:\jdddEKK8fRZ9T
C:\RppmmG5ssQ6dE8R
C:\vRRRL99gTXqjCeI
C:\sKK77fRRL9g
C:\PHHH6ssWK7fE9gZ
C:\f3ppnnG4aQH6s
C:\IDD33pnGG
C:\Z4aaQQH6s
C:\fCCeekIIVrzNtA0
C:\hKK77fRRL9TX
C:\qKK77fEE9
C:\SbbDD3ppnGaQH
C:\G9ggTTXqjY
C:\qrzzOONxxAuvSib
C:\lhhhTXXqj
C:\oppmmG5aaJ6
C:\ZNNNyxxA1S2o3mG
C:\nKK88fRLL9TXqUe
C:\LWWWKK8fRL9
C:\PvvvSS2obF3pG5
C:\fPPNNxx1uvS2bFp

Domains::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


3.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Things to include in your next reply:
Combofix.txt
MBAM log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
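As an added example (not code from this thread, from ComboFix or from its author): a small Python script that parses "Files Created" lines in the format shown in the log above, flags directories whose last path component looks machine-generated, and renders them as a Folder:: section like the one in this post, for a human to check before use. The name heuristics are my own assumption about how these folders differ from normal ones, and the sample lines are copied from the log posted earlier.

```python
import re
from typing import Dict, List

# One "Files Created" entry from a ComboFix log, for example:
# 2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\qOuFGQKRg
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) "
    r"(?P<attrs>[\w-]{8}) "
    r"(?P<path>.+?)\s*$"
)

# Constructed sample: a handful of lines copied from the log in this thread,
# mixing legitimate folders, one file, and folders with machine-generated names.
SAMPLE_LOG = r"""
2011-11-17 18:42 . 2011-11-23 00:15 -------- d-----w- c:\users\Barbara\AppData\Roaming\Gbridge
2011-11-17 16:31 . 2011-11-17 16:31 111408 ----a-w- c:\windows\system32\drivers\88671586.sys
2011-11-15 19:49 . 2011-11-15 19:49 -------- d-----w- C:\$AVG
2011-11-10 21:13 . 2011-11-10 22:07 -------- d-----w- c:\windows\system32\MpEngineStore
2011-11-09 17:49 . 2011-11-09 17:49 -------- d-----w- C:\Windows Desktop Search
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\jONtxAucSiDpGaH
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\x1uvD2obFpGsJdK
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\qOuFGQKRg
2011-11-09 04:20 . 2011-11-09 04:20 -------- d-----w- C:\YUVrlOOBtPyc1
2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- C:\IjjjUCellIrz
"""


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed fields of every line that matches the entry format."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def looks_random(name: str) -> bool:
    """Heuristic (my own assumption, not ComboFix's): does a folder name look machine-generated?"""
    if name.startswith(("{", "$")):
        return False  # GUID folders and $-prefixed system folders are normal
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:
        return False
    # (a) digits sandwiched between letters, e.g. x1uvD2obFpGsJdK
    if re.search(r"[A-Za-z]\d+[A-Za-z]", name):
        return True
    # (b) the same letter three or more times in a row, e.g. IjjjUCellIrz
    if re.search(r"([A-Za-z])\1\1", name):
        return True
    # (c) four or more consonants in a row (y counted as a consonant), e.g. qOuFGQKRg
    if re.search(r"[b-df-hj-np-tv-z]{4}", "".join(letters).lower()):
        return True
    # (d) upper/lower case flipping on most letter boundaries, e.g. jONtxAucSiDpGaH
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return len(letters) >= 8 and flips / (len(letters) - 1) > 0.6


def suspicious_folders(log_text: str) -> List[str]:
    """Paths of directory entries (attrs start with 'd') whose last component looks random."""
    found = []
    for entry in parse_entries(log_text):
        if not entry["attrs"].startswith("d"):
            continue  # files are out of scope; a Folder:: section only lists directories
        name = entry["path"].rstrip("\\").rsplit("\\", 1)[-1]
        if looks_random(name):
            found.append(entry["path"])
    return found


def build_cfscript(folders: List[str]) -> str:
    """Render a Folder:: section in the layout the helper posted above."""
    return "Folder::\n" + "\n".join(folders) + "\n"


if __name__ == "__main__":
    print(build_cfscript(suspicious_folders(SAMPLE_LOG)))
```

The heuristics will miss or over-flag some names on other machines, so the output is a starting point for the kind of review the helper did by hand, not a list to run blindly.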


#11 Don K K
  • Topic Starter
  • Members
  • 38 posts

Posted 28 November 2011 - 03:23 PM

We are making progress, and I am grateful for that, but we still have a couple of issues. I ran unhide.exe, and I think most if not all directories and files are visible again. At least the ones I checked, such as Windows, Program Files, etc., appeared in "My Computer" again. Then I ran combofix.exe, dropping the text file over it. It produced a log file which I will show below. I also ran Malware Bytes after updating it, and I will show it below as well. Windows Firewall is turned on again, but the computer did not show an anti-virus program, so I downloaded and installed Security Essentials and let it do a scan after updating. I'll discuss the results after the logs.

Here is the combofix.txt log:
ComboFix 11-11-23.01 - Barbara 11/27/2011 10:23:26.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2196 [GMT -6:00]
Running from: c:\users\Barbara\Desktop\ComboFix.exe
Command switches used :: c:\users\Barbara\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeup.dll
c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.dll
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftup.dll
c:\windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempup.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 17:03 . 2011-11-27 17:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-27 17:03 . 2011-11-27 17:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 17:03 . 2011-11-27 17:03 -------- d-----w- c:\users\Barbara\AppData\Local\temp
2011-11-22 22:30 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-11-18 08:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A433891-811A-411C-AEC5-F1957AB2D211}\mpengine.dll
2011-11-17 18:42 . 2011-11-23 00:15 -------- d-----w- c:\users\Barbara\AppData\Roaming\Gbridge
2011-11-17 18:40 . 2011-11-17 18:40 -------- d-----w- c:\program files (x86)\Gbridge LLC
2011-11-17 18:03 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E96556AF-A791-4BCD-AF52-CB57294A34BE}\mpengine.dll
2011-11-17 16:31 . 2011-11-17 16:31 111408 ----a-w- c:\windows\system32\drivers\88671586.sys
2011-11-15 19:49 . 2011-11-15 19:49 -------- d-----w- C:\$AVG
2011-11-10 21:13 . 2011-11-10 22:07 -------- d-----w- c:\windows\system32\MpEngineStore
2011-11-09 21:11 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:11 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 21:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 21:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 21:11 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:11 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 21:11 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 17:49 . 2011-11-09 17:49 -------- d-----w- C:\Windows Desktop Search
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\jONtxAucSiDpGaH
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\wVelIBtzPyAuD
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\x1uvD2obFpGsJdK
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\uuvS2ibFpGaHdKf
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\uuvS2ibF3n5Q6W7
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\mbD3pnG4aHs7E
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\LnG5aQ6dW79TqYe
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\CYCkVrlBx01nas8
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\qOuFGQKRg
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\phwVOzy1Dnp5JEg
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\NEl37wyaRO27hI
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\VghwVOzy1Dnp
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\SdRhwVOzy1
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\J4W9YOuDa
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\UGj2ExHki7VngB2
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\pUltcu2Fms6K
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\zGQs7LTjwV
2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\users\Barbara\AppData\Roaming\kimLwzDsRVz1bs8
2011-11-09 13:38 . 2011-11-09 13:38 -------- d-----w- c:\users\Barbara\AppData\Roaming\QwUVelIBtzNcAuD
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\cwzD5fBuFaKhCz0
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\SlvsqlA4dYtvpJf
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\D7hI1pEex2m6Rq
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\cYtvpJfXlNv3Q8T
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\clvsqlA4dYtvpJf
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\VNiQLCtDJC04
2011-11-09 13:37 . 2011-11-09 13:37 -------- d-----w- c:\users\Barbara\AppData\Roaming\aYNiQLCtDJC04Ek
2011-11-09 12:58 . 2011-11-09 13:11 -------- d-----w- c:\programdata\WindowsSearch
2011-11-09 12:43 . 2011-11-09 12:43 -------- d-----w- c:\users\Barbara\AppData\Roaming\XDpEXtvG8jNoQLe
2011-11-09 12:43 . 2011-11-09 12:43 -------- d-----w- c:\users\Barbara\AppData\Roaming\zgqjCIVASip4Q
2011-11-09 12:43 . 2011-11-09 12:43 -------- d-----w- c:\users\Barbara\AppData\Roaming\GQ6dKRL9gXYeIrN
2011-11-09 12:43 . 2011-11-09 12:43 -------- d-----w- c:\users\Barbara\AppData\Roaming\GnG5aQH6dKfLgqC
2011-11-09 04:20 . 2011-11-09 04:20 -------- d-----w- C:\YUVrlOOBtPyc1
2011-11-09 04:19 . 2011-11-09 04:19 -------- d-----w- C:\XonnFF4amHsJ7E8
2011-11-09 04:18 . 2011-11-09 04:18 -------- d-----w- C:\YpnnGG5aQH6dK7R
2011-11-09 04:17 . 2011-11-09 04:17 -------- d-----w- C:\FmGG55s6dEKfR9T
2011-11-09 04:16 . 2011-11-09 04:16 -------- d-----w- C:\s999gTTXqjCekVr
2011-11-09 04:15 . 2011-11-09 04:15 -------- d-----w- C:\RA11uuvS2obFpm5
2011-11-09 04:14 . 2011-11-09 04:14 -------- d-----w- C:\yHH5sQQJ7dE
2011-11-09 04:13 . 2011-11-09 04:13 -------- d-----w- C:\owwjjUVeeIBtzNc
2011-11-09 04:12 . 2011-11-09 04:12 -------- d-----w- C:\UZZqqhYYXwUVeOB
2011-11-09 04:11 . 2011-11-09 04:11 -------- d-----w- C:\lvvD33onF4am
2011-11-09 04:10 . 2011-11-09 04:10 -------- d-----w- C:\R99ggTZqjYCwIr
2011-11-09 04:09 . 2011-11-09 04:09 -------- d-----w- C:\ncAA1iivD2oF4pH
2011-11-09 04:08 . 2011-11-09 04:08 -------- d-----w- C:\t111ivvD3o
2011-11-09 04:07 . 2011-11-09 04:07 -------- d-----w- C:\WKKK7ffEL9gTqjC
2011-11-09 04:06 . 2011-11-09 04:06 -------- d-----w- C:\VoobbF44pm5sQ6E
2011-11-09 04:05 . 2011-11-09 04:05 -------- d-----w- C:\QXwwkUVelOBtPy
2011-11-09 04:04 . 2011-11-09 04:04 -------- d-----w- C:\G666sWWK7fE9gZq
2011-11-09 04:03 . 2011-11-09 04:03 -------- d-----w- C:\y5ssQQJ7dEK8RZh
2011-11-09 04:02 . 2011-11-09 04:02 -------- d-----w- C:\mpppmGG5sQJ6E
2011-11-09 04:01 . 2011-11-09 04:01 -------- d-----w- C:\ETTXXwjUCelIrzN
2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- C:\I66ddEKK8fZ9hXj
2011-11-09 03:59 . 2011-11-09 03:59 -------- d-----w- C:\hGG5aQQH6dKfR9T
2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- C:\IjjjUCellIrz
2011-11-09 03:57 . 2011-11-09 03:57 -------- d-----w- C:\hddEEK8fRZ9hXjI
2011-11-09 03:56 . 2011-11-09 03:56 -------- d-----w- C:\VDD3ppnG4aH6
2011-11-09 03:55 . 2011-11-09 03:55 -------- d-----w- C:\NqjYCekIVzNx0c2
2011-11-09 03:54 . 2011-11-09 03:54 -------- d-----w- C:\x88ffZZ9hTwjUeI
2011-11-09 03:53 . 2011-11-09 03:53 -------- d-----w- C:\S4pmH5sQJdKgZhX
2011-11-09 03:52 . 2011-11-09 03:52 -------- d-----w- C:\uG4aQH6sW7E9TqY
2011-11-09 03:51 . 2011-11-09 03:51 -------- d-----w- C:\jjUCelIBrPyAuSo
2011-11-09 03:50 . 2011-11-09 03:50 -------- d-----w- C:\IqhYXwkUV
2011-11-09 03:49 . 2011-11-09 03:49 -------- d-----w- C:\DQQQJ66dEK8fZ9T
2011-11-09 03:48 . 2011-11-09 03:48 -------- d-----w- C:\w2ibD3pnGaHsKfL
2011-11-09 03:47 . 2011-11-09 03:47 -------- d-----w- C:\XQJJ7dEK8RZ9YwU
2011-11-09 03:46 . 2011-11-09 03:46 -------- d-----w- C:\ktxPP0uc1ibDoG
2011-11-09 03:45 . 2011-11-09 03:45 -------- d-----w- C:\I1iivD2oF
2011-11-09 03:44 . 2011-11-09 03:44 -------- d-----w- C:\WZZZqjYCwkIrlNt
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\gFFF3pmmG5aJ6WK
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\eGGG55aQJ6dW8fL
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\KvDD2oobFpmGsQ6
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\NdEK88gRZhX
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\xffEEL8gTZqYCkV
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\eiibD33pn4aQ6sK
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\h222ibbF3
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\mjYYCekIVz
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\cyyxxA00uv2iFpn
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\F66ddWKK8RL9Tqj
2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- C:\zllIIBtzPNyAuDo
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\OLLLggTXqj
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\uyyyccA1uvD2bFp
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\YttzzPNyyc
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\PIIIBttzPNyc1uD
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\GeellIBBrzNyx1v
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\ZUUCeelIBrzP
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\CEEKK8ffRZ9TXjU
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\jdddEKK8fRZ9T
2011-11-09 03:26 . 2011-11-09 03:26 -------- d-----w- C:\RppmmG5ssQ6dE8R
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\vRRRL99gTXqjCeI
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\sKK77fRRL9g
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\PHHH6ssWK7fE9gZ
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\f3ppnnG4aQH6s
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\IDD33pnGG
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\Z4aaQQH6s
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\fCCeekIIVrzNtA0
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\hKK77fRRL9TX
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\qKK77fEE9
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\SbbDD3ppnGaQH
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\G9ggTTXqjY
2011-11-09 03:24 . 2011-11-09 03:24 -------- d-----w- C:\qrzzOONxxAuvSib
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\lhhhTXXqj
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\oppmmG5aaJ6
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\ZNNNyxxA1S2o3mG
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\nKK88fRLL9TXqUe
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\LWWWKK8fRL9
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\PvvvSS2obF3pG5
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 13:56 . 2011-10-12 18:38 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-13 08:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 08:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 08:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 08:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2010-01-23 14:54 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-26_05.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-03 00:04 . 2011-11-27 19:14 331366 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a}"= "c:\program files (x86)\The_G.E.T.Team\prxtbThe_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 68856]
"Gbridge"="c:\program files (x86)\Gbridge LLC\Gbridge\pstartw.exe" [2010-06-10 90912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-17 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"iWinArcade Update"="c:\windows\system32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeup.dll" [2011-11-10 139264]
"Macromedia Update"="c:\windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempup.dll" [2011-11-10 139264]
"Yahoo Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.dll" [2011-11-10 139264]
"Hewlett-Packard Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftup.dll" [2011-11-10 139264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-06-24 240288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 uvnc_service_gs;uvnc_service_gs;c:\program files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 22:11]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=dx4200-09
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2731364&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110717&user_guid=8CCA86D2FF474E228D4106C56AC367FF&machine_id=7baf4a46cf682d3766e2b5e0ac5aed8b&browser=FF&os=win&os_version=6.0-x64-SP2
FF - prefs.js: keyword.URL - hxxp://lf.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110717&user_guid=8CCA86D2FF474E228D4106C56AC367FF&machine_id=7baf4a46cf682d3766e2b5e0ac5aed8b&browser=FF&os=win&os_version=6.0-x64-SP2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{3451F2EA-D4C2-494A-9D09-DC1D7BBCC60A} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}"=hex:51,66,7a,6c,4c,1d,38,12,28,b9,b1,
5e,21,d7,a9,08,e9,36,2a,eb,0a,ff,3e,f3
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,
5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{3451F2EA-D4C2-494A-9D09-DC1D7BBCC60A}"=hex:51,66,7a,6c,4c,1d,38,12,84,f1,42,
30,f0,9a,24,0c,e2,1f,9f,5d,7e,e2,82,1e
"{008C7F63-D813-4907-B7A1-0221F73F24EC}"=hex:51,66,7a,6c,4c,1d,38,12,0d,7c,9f,
04,21,96,69,0c,c8,b7,41,61,f2,61,60,f8
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}"=hex:51,66,7a,6c,4c,1d,38,12,91,e9,dd,
10,ef,d8,6f,04,d1,21,96,ac,d9,7d,87,e2
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=hex:51,66,7a,6c,4c,1d,38,12,49,4c,04,
a2,cd,51,b8,a4,d6,29,f9,08,a8,03,90,5c
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,
cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{0085D7F3-FF84-497E-A1E3-A654FB06123F}"=hex:51,66,7a,6c,4c,1d,38,12,9d,d4,96,
04,b6,b1,10,0c,de,f5,e5,14,fe,58,56,2b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,7f,1d,52,16,9b,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,47,2b,e6,d4,e7,40,8d,b4,38,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,47,2b,e6,d4,e7,40,8d,b4,38,\
.
[HKEY_USERS\S-1-5-21-1165403192-2655675231-1011383692-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,ed,c0,4f,20,d2,09,84,e6,77,78,bb,cb,34,0d,22,16,29,f9,b2,12,
e5,66,18,57,47,86,8a,81,bf,c2,74,3b,84,a3,0f,23,7a,28,e3,bc,c8,f2,ab,e2,3d,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-11-27 13:58:47
ComboFix-quarantined-files.txt 2011-11-27 19:58
ComboFix2.txt 2011-11-26 13:33
.
Pre-Run: 522,892,124,160 bytes free
Post-Run: 515,441,856,512 bytes free
.
- - End Of File - - 36596ABCD24D92CDF037CB65D8CCB11E

Here is the Malware Bytes log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8253

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/27/2011 2:15:39 PM
mbam-log-2011-11-27 (14-15-39).txt

Scan type: Quick scan
Objects scanned: 181474
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

After Security Essentials ran, it showed one trojan in the system which it removed, called Trojan Downloader:Win32/Tracur.AI. Also, the bogus directories are still there. And when I tested the browsers, only Chrome seemed to be working without redirects. With both Firefox and IE, I opened a browser window and went to google.com. I typed "microsoft" in the search bar. When the results page showed one of the entries as what looked to be www.microsoft.com, I clicked on that, but in both FF and IE I was redirected to other sites. This despite the fact that Malware Bytes did not show any issues in quick scan mode. I just checked the computer again while typing this, and Security Essentials found a few more problems: Exploit:JS/Blacole.W, Exploit:JS/Blacole.A, and Trojan:Win64/Sirefef.F. It removed them all.

So we are making progress, but still have issues.
Don
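Two patterns in the ComboFix log above are worth teaching a triage script to spot on its own: the burst of random-named directories created under C:\ and under the user's Roaming folder within a few minutes of each other, and the "Update" autoruns under HKEY_USERS\.DEFAULT whose targets are DLLs sitting in the LocalSystem profile (c:\windows\system32\config\systemprofile\...). The following is an added example, not part of this thread and not code from ComboFix or BleepingComputer. It parses a small constructed log sample in ComboFix's layout (the paths are copied from the log posted above, with the sections shortened), scores directory names with a crude flips-plus-digits-plus-consonant-run heuristic that is my own assumption rather than any tool's rule, and flags Run values by where they live and what they point at.

```python
"""Triage helpers for a ComboFix-style log: flag bursts of random-named
directories and autorun entries rooted in the LocalSystem profile."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in ComboFix's layout. Paths are copied from the log
# posted in the thread; both sections are cut down to a handful of lines.
SAMPLE_LOG = r"""
((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))
.
2011-11-17 18:40 . 2011-11-17 18:40 -------- d-----w- c:\program files (x86)\Gbridge LLC
2011-11-10 21:13 . 2011-11-10 22:07 -------- d-----w- c:\windows\system32\MpEngineStore
2011-11-09 04:20 . 2011-11-09 04:20 -------- d-----w- C:\YUVrlOOBtPyc1
2011-11-09 04:19 . 2011-11-09 04:19 -------- d-----w- C:\XonnFF4amHsJ7E8
2011-11-09 04:18 . 2011-11-09 04:18 -------- d-----w- C:\YpnnGG5aQH6dK7R
2011-11-09 04:17 . 2011-11-09 04:17 -------- d-----w- C:\FmGG55s6dEKfR9T
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\jONtxAucSiDpGaH
2011-11-09 15:07 . 2011-11-09 15:07 -------- d-----w- c:\users\Barbara\AppData\Roaming\wVelIBtzPyAuD
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gbridge"="c:\program files (x86)\Gbridge LLC\Gbridge\pstartw.exe" [2010-06-10 90912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"iWinArcade Update"="c:\windows\system32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeup.dll" [2011-11-10 139264]
"Yahoo Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleup.dll" [2011-11-10 139264]
"""

# "created . modified size attrs path" as ComboFix prints it
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} +\S+ +(\S+) +(.+?)\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
VOWELS = set("aeiouAEIOU")


def parse_created(log):
    """Return (created_time, attributes, path) for each 'Files Created' line."""
    out = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.rstrip())
        if m:
            out.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), m.group(2), m.group(3)))
    return out


def random_score(name):
    """Heuristic (an assumption of this example, not a published rule): upper/lower
    case flips + digit count + longest consonant run. CamelCase product names score
    low; names like 'YUVrlOOBtPyc1' score high."""
    letters = [c for c in name if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    digits = sum(c.isdigit() for c in name)
    run = best = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return flips + digits + best


def looks_random(name):
    return " " not in name and len(name) >= 8 and random_score(name) >= 10


def find_bursts(log, min_count=3):
    """Group random-named directories by parent; report parents with at least
    min_count of them, together with the span of their creation times."""
    groups = defaultdict(list)
    for when, attrs, path in parse_created(log):
        if not attrs.startswith("d"):      # directories only
            continue
        parent, _, name = path.rpartition("\\")
        if looks_random(name):
            groups[parent.lower()].append((when, name))
    bursts = []
    for parent, items in groups.items():
        if len(items) >= min_count:
            items.sort()
            span = int((items[-1][0] - items[0][0]).total_seconds() // 60)
            bursts.append({"parent": parent, "count": len(items),
                           "span_minutes": span, "names": [n for _, n in items]})
    return sorted(bursts, key=lambda b: -b["count"])


def parse_run_entries(log):
    """Return (key, value_name, target) for every value under a ...\\Run key."""
    key, out = None, []
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key and key.lower().endswith("\\run"):
            out.append((key, vm.group(1), vm.group(2)))
    return out


def suspicious_run_entries(log):
    """Flag autoruns stored in the LocalSystem profile or pointing at a DLL."""
    findings = []
    for key, name, target in parse_run_entries(log):
        t, reasons = target.lower(), []
        if "\\config\\systemprofile\\" in t:
            reasons.append("target lives in the LocalSystem profile")
        if key.lower().startswith("hkey_users\\.default\\"):
            reasons.append("Run key of the .DEFAULT hive")
        if t.endswith(".dll"):
            reasons.append("Run value points at a DLL rather than an EXE")
        if reasons:
            findings.append({"key": key, "name": name, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for b in find_bursts(SAMPLE_LOG):
        print(f"{b['count']} random-named dirs under {b['parent']}\\ within {b['span_minutes']} min")
    for f in suspicious_run_entries(SAMPLE_LOG):
        print(f"{f['name']!r} -> {f['target']}: " + "; ".join(f["reasons"]))
```

Run against the sample it reports the four C:\ directories as one burst created within three minutes (the two Roaming entries fall under the threshold of three) and flags both .DEFAULT "Update" values on all three counts while leaving the HKCU Gbridge entry alone. Feeding it a full ComboFix.txt instead of SAMPLE_LOG works the same way, since the regexes match the line layout rather than the sample.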

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:50 PM

Posted 28 November 2011 - 07:39 PM

Hello,

Is Combofix on your desktop or in a folder?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#13 Don K K

Don K K
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:02:50 PM

Posted 28 November 2011 - 09:29 PM

Originally on a flash drive, I copied it to the desktop, as well as the CFScript.txt file, and then dragged the CFScript.txt file to the ComboFix.exe file on the desktop.

Don

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:50 PM

Posted 28 November 2011 - 09:40 PM

Hello,


Please delete the copy of Combofix you have on your desktop now and the one on your flash drive if it is still there.


Please download a new copy directly to your desktop. Then try and run the script again.


Link 1
Link 2

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#15 Don K K

Don K K
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:02:50 PM

Posted 29 November 2011 - 05:24 PM

fireman4it,
I deleted ComboFix from the desktop and flash drive. Connected the computer to the internet and to this webpage. Downloaded ComboFix.exe from the page. Dropped CFScript.exe on ComboFix.exe. The exe began and said that Security Essentials was running and needed to be stopped. I used Task Manager to end the 3 processes that I thought were related to Security Essentials. Then clicked OK on the ComboFix window. Another ComboFix window came on the screen and said that Windows Essentials was still running and results may not be accurate. I clicked OK and let ComboFix do its thing. Here is the log it produced:
ComboFix 11-11-28.02 - Barbara 11/28/2011 21:30:53.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1238 [GMT -6:00]
Running from: c:\users\Barbara\Desktop\ComboFix.exe
Command switches used :: c:\users\Barbara\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CEEKK8ffRZ9TXjU
C:\cyyxxA00uv2iFpn
C:\DQQQJ66dEK8fZ9T
C:\eGGG55aQJ6dW8fL
C:\eiibD33pn4aQ6sK
C:\ETTXXwjUCelIrzN
C:\f3ppnnG4aQH6s
C:\F66ddWKK8RL9Tqj
C:\fCCeekIIVrzNtA0
C:\FmGG55s6dEKfR9T
C:\fPPNNxx1uvS2bFp
C:\G666sWWK7fE9gZq
C:\G9ggTTXqjY
C:\GeellIBBrzNyx1v
C:\gFFF3pmmG5aJ6WK
C:\h222ibbF3
C:\hddEEK8fRZ9hXjI
C:\hGG5aQQH6dKfR9T
C:\hKK77fRRL9TX
C:\I1iivD2oF
C:\I66ddEKK8fZ9hXj
C:\IDD33pnGG
C:\IjjjUCellIrz
C:\IqhYXwkUV
C:\jdddEKK8fRZ9T
C:\jjUCelIBrPyAuSo
C:\ktxPP0uc1ibDoG
C:\KvDD2oobFpmGsQ6
C:\lhhhTXXqj
C:\lvvD33onF4am
C:\LWWWKK8fRL9
C:\mjYYCekIVz
C:\mpppmGG5sQJ6E
C:\ncAA1iivD2oF4pH
C:\NdEK88gRZhX
C:\nKK88fRLL9TXqUe
C:\NqjYCekIVzNx0c2
C:\OLLLggTXqj
C:\oppmmG5aaJ6
C:\owwjjUVeeIBtzNc
C:\PHHH6ssWK7fE9gZ
C:\PIIIBttzPNyc1uD
C:\PvvvSS2obF3pG5
C:\qKK77fEE9
C:\qrzzOONxxAuvSib
C:\QXwwkUVelOBtPy
C:\R99ggTZqjYCwIr
C:\RA11uuvS2obFpm5
C:\RppmmG5ssQ6dE8R
C:\S4pmH5sQJdKgZhX
C:\s999gTTXqjCekVr
C:\SbbDD3ppnGaQH
C:\sKK77fRRL9g
C:\t111ivvD3o
C:\uG4aQH6sW7E9TqY
c:\users\Barbara\AppData\Roaming\aYNiQLCtDJC04Ek
c:\users\Barbara\AppData\Roaming\clvsqlA4dYtvpJf
c:\users\Barbara\AppData\Roaming\cwzD5fBuFaKhCz0
c:\users\Barbara\AppData\Roaming\CYCkVrlBx01nas8
c:\users\Barbara\AppData\Roaming\cYtvpJfXlNv3Q8T
c:\users\Barbara\AppData\Roaming\D7hI1pEex2m6Rq
c:\users\Barbara\AppData\Roaming\GnG5aQH6dKfLgqC
c:\users\Barbara\AppData\Roaming\GQ6dKRL9gXYeIrN
c:\users\Barbara\AppData\Roaming\J4W9YOuDa
c:\users\Barbara\AppData\Roaming\jONtxAucSiDpGaH
c:\users\Barbara\AppData\Roaming\kimLwzDsRVz1bs8
c:\users\Barbara\AppData\Roaming\LnG5aQ6dW79TqYe
c:\users\Barbara\AppData\Roaming\mbD3pnG4aHs7E
c:\users\Barbara\AppData\Roaming\NEl37wyaRO27hI
c:\users\Barbara\AppData\Roaming\phwVOzy1Dnp5JEg
c:\users\Barbara\AppData\Roaming\pUltcu2Fms6K
c:\users\Barbara\AppData\Roaming\qOuFGQKRg
c:\users\Barbara\AppData\Roaming\QwUVelIBtzNcAuD
c:\users\Barbara\AppData\Roaming\SdRhwVOzy1
c:\users\Barbara\AppData\Roaming\SlvsqlA4dYtvpJf
c:\users\Barbara\AppData\Roaming\UGj2ExHki7VngB2
c:\users\Barbara\AppData\Roaming\uuvS2ibF3n5Q6W7
c:\users\Barbara\AppData\Roaming\uuvS2ibFpGaHdKf
c:\users\Barbara\AppData\Roaming\VghwVOzy1Dnp
c:\users\Barbara\AppData\Roaming\VNiQLCtDJC04
c:\users\Barbara\AppData\Roaming\wVelIBtzPyAuD
c:\users\Barbara\AppData\Roaming\x1uvD2obFpGsJdK
c:\users\Barbara\AppData\Roaming\XDpEXtvG8jNoQLe
c:\users\Barbara\AppData\Roaming\zgqjCIVASip4Q
c:\users\Barbara\AppData\Roaming\zGQs7LTjwV
C:\uyyyccA1uvD2bFp
C:\UZZqqhYYXwUVeOB
C:\VDD3ppnG4aH6
C:\VoobbF44pm5sQ6E
C:\vRRRL99gTXqjCeI
C:\w2ibD3pnGaHsKfL
C:\WKKK7ffEL9gTqjC
C:\WZZZqjYCwkIrlNt
C:\x88ffZZ9hTwjUeI
C:\xffEEL8gTZqYCkV
C:\XonnFF4amHsJ7E8
C:\XQJJ7dEK8RZ9YwU
C:\y5ssQQJ7dEK8RZh
C:\yHH5sQQJ7dE
C:\YpnnGG5aQH6dK7R
C:\YttzzPNyyc
C:\YUVrlOOBtPyc1
C:\Z4aaQQH6s
C:\zllIIBtzPNyAuDo
C:\ZNNNyxxA1S2o3mG
C:\ZUUCeelIBrzP
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 04:22 . 2011-11-29 04:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-29 04:22 . 2011-11-29 04:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 21:01 . 2011-11-27 21:00 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{583602E2-4D38-4F4F-A949-53887668FEFE}\gapaengine.dll
2011-11-27 21:01 . 2011-11-29 03:21 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{209232FD-D3C1-4719-85F5-09BC69B6A23E}\offreg.dll
2011-11-27 21:01 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{209232FD-D3C1-4719-85F5-09BC69B6A23E}\mpengine.dll
2011-11-27 20:59 . 2011-11-27 20:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-27 20:16 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97078D44-BA5B-4689-B226-650997E8F4C6}\mpengine.dll
2011-11-27 19:59 . 2011-11-29 05:13 -------- d-----w- c:\users\Barbara\AppData\Local\temp
2011-11-22 22:30 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-11-17 18:42 . 2011-11-23 00:15 -------- d-----w- c:\users\Barbara\AppData\Roaming\Gbridge
2011-11-17 18:40 . 2011-11-17 18:40 -------- d-----w- c:\program files (x86)\Gbridge LLC
2011-11-17 16:31 . 2011-11-17 16:31 111408 ----a-w- c:\windows\system32\drivers\88671586.sys
2011-11-15 19:49 . 2011-11-15 19:49 -------- d-----w- C:\$AVG
2011-11-10 21:13 . 2011-11-10 22:07 -------- d-----w- c:\windows\system32\MpEngineStore
2011-11-09 21:11 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:11 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 21:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 21:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 21:11 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:11 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 21:11 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 17:49 . 2011-11-09 17:49 -------- d-----w- C:\Windows Desktop Search
2011-11-09 13:38 . 2011-11-09 13:38 -------- d-----w- c:\users\Barbara\AppData\Roaming\UZr1m8k0o7hIyDp
2011-11-09 12:58 . 2011-11-09 13:11 -------- d-----w- c:\programdata\WindowsSearch
2011-11-09 04:20 . 2011-11-09 04:20 -------- d-----w- C:\jlOtycc1vDn4m
2011-11-09 04:19 . 2011-11-09 04:19 -------- d-----w- C:\hDD33onF4amH5J7
2011-11-09 04:18 . 2011-11-09 04:18 -------- d-----w- C:\pCCCkIIBr
2011-11-09 04:17 . 2011-11-09 04:17 -------- d-----w- C:\RxxxP00ycSiv3oF
2011-11-09 04:16 . 2011-11-09 04:16 -------- d-----w- C:\aYYYCwkIVrONxPu
2011-11-09 04:15 . 2011-11-09 04:15 -------- d-----w- C:\nJ66ddWK8fRLhTq
2011-11-09 04:14 . 2011-11-09 04:14 -------- d-----w- C:\x55ssQJ7dEK
2011-11-09 04:13 . 2011-11-09 04:13 -------- d-----w- C:\euuvvD2obF4pm5
2011-11-09 04:12 . 2011-11-09 04:12 -------- d-----w- C:\BHH5ssWJ7dELgRq
2011-11-09 04:11 . 2011-11-09 04:11 -------- d-----w- C:\RWWJJffEL8TZqYw
2011-11-09 04:10 . 2011-11-09 04:10 -------- d-----w- C:\JpmmGG5sQJ6dK8R
2011-11-09 04:09 . 2011-11-09 04:09 -------- d-----w- C:\ZCwwkIIVrlOtx0u
2011-11-09 04:08 . 2011-11-09 04:08 -------- d-----w- C:\sFF4ammH5sW7dE
2011-11-09 04:07 . 2011-11-09 04:07 -------- d-----w- C:\TjYYCCwkIVrlOtP
2011-11-09 04:06 . 2011-11-09 04:06 -------- d-----w- C:\dbbbF4ppmGsQ6dK
2011-11-09 04:05 . 2011-11-09 04:05 -------- d-----w- C:\auccS1ibD3on4aH
2011-11-09 04:04 . 2011-11-09 04:04 -------- d-----w- C:\wDD33pnG4a
2011-11-09 04:03 . 2011-11-09 04:03 -------- d-----w- C:\pffEEL9gTZqjYwI
2011-11-09 04:02 . 2011-11-09 04:02 -------- d-----w- C:\cKKK7ffEL9gZqjC
2011-11-09 04:01 . 2011-11-09 04:01 -------- d-----w- C:\W33oonF4amH5sJd
2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- C:\eQQQJJ6dEK8fZhT
2011-11-09 03:59 . 2011-11-09 03:59 -------- d-----w- C:\ooobbF4pmG5
2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- C:\EDD22onF4pmHsQ7
2011-11-09 03:57 . 2011-11-09 03:57 -------- d-----w- C:\XYXXwwjUVelBt
2011-11-09 03:56 . 2011-11-09 03:56 -------- d-----w- C:\GiFpGG5aH6W7R9X
2011-11-09 03:55 . 2011-11-09 03:55 -------- d-----w- C:\WfRZ9hTXwUeIrPy
2011-11-09 03:54 . 2011-11-09 03:54 -------- d-----w- C:\OcAA1D2obF
2011-11-09 03:53 . 2011-11-09 03:53 -------- d-----w- C:\KRZqhYXwkVlBz0c
2011-11-09 03:52 . 2011-11-09 03:52 -------- d-----w- C:\FPNycA1uv
2011-11-09 03:51 . 2011-11-09 03:51 -------- d-----w- C:\sNycA1uvDoF
2011-11-09 03:50 . 2011-11-09 03:50 -------- d-----w- C:\FbD3onG4aHsJfLg
2011-11-09 03:49 . 2011-11-09 03:49 -------- d-----w- C:\wBttzPPNyc
2011-11-09 03:48 . 2011-11-09 03:48 -------- d-----w- C:\KdWK7fRL9TqYeIr
2011-11-09 03:47 . 2011-11-09 03:47 -------- d-----w- C:\dammH5sWJdELgZh
2011-11-09 03:46 . 2011-11-09 03:46 -------- d-----w- C:\ZcAA1ivD2nF4m5Q
2011-11-09 03:45 . 2011-11-09 03:45 -------- d-----w- C:\yammH6ssWJ7ELgZ
2011-11-09 03:44 . 2011-11-09 03:44 -------- d-----w- C:\V4aQ67fLg
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\gpppmGG5sQJdEKf
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\CAA11uvvD2bF4mG
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\FbFF33pmG
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\HzzPPNyxA1uvSo
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\QzzPPNyyxAu
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\luuuvS22obFp
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\OSSS2oobF3
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\JGG55aQQJ6dK
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\jF33ppnG5aQHdW7
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\PKK77fRRL9g
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\EaaaQHH6dWK7RLg
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\jLLL9ggTXqjYekV
2011-11-09 03:25 . 2011-11-09 03:25 -------- d-----w- C:\RHHH6ddWK7fL9g
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\zZZ99hTXXw
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\XttzzPNNycAuv2o
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\yEKK8ffRZ9hTwjC
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\FPPPNyycA1uv2oF
2011-11-09 03:23 . 2011-11-09 03:23 -------- d-----w- C:\FNNyccA1uvD2bFp
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\NgggRZ9hhYwjUeI
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\f11iivDDonF4pHs
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\jEEEL88gRZqhX
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\RmHHH5sQJ7dE8gZ
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\v2oonnF4pmH5Q
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\rF444pmH5sQJ
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\RlOOBttzP0yA1v
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\VaammH5sWJ7d
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\TSSS1iivD3on4aH
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\VELLL8gRZqYXwUe
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\z3oonnF4amH5WJd
2011-11-09 03:22 . 2011-11-09 03:22 -------- d-----w- C:\T77ffEL88gZh
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\oaaamHH6sWJfELg
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\lOOONNtxP0uc1iD
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\moonnFF4amHsW7d
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\X33oonF4amH5WJd
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\pKKK8ggRZ
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\HRRRZ99hYXwjVeI
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\nAA1iivD2onFpH5
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\QxxPP0ycc1ivDoF
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\RnnnG4aaQWK7E9g
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\B666dWWK7fR9gXq
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\iGGG44aQH6sW7fL
2011-11-09 03:21 . 2011-11-09 03:21 -------- d-----w- C:\jbbbD33pnG
2011-11-09 03:19 . 2011-11-09 03:19 -------- d-----w- C:\FH66ddWK7fRLgTq
2011-11-09 03:18 . 2011-11-09 03:18 -------- d-----w- C:\YIIIVrrlON
2011-11-09 03:17 . 2011-11-09 03:17 -------- d-----w- C:\uS2ibF3pn5Q6
2011-11-09 03:16 . 2011-11-09 03:16 -------- d-----w- C:\JONyxA0uv
2011-11-09 03:15 . 2011-11-09 03:15 -------- d-----w- C:\x9hYXwjUVlB
2011-11-09 03:14 . 2011-11-09 03:14 -------- d-----w- C:\FA1uvD2ob4m5Q6E
2011-11-09 03:13 . 2011-11-09 03:13 -------- d-----w- C:\wPPPNyyxA1uv2
2011-11-09 03:12 . 2011-11-09 03:12 -------- d-----w- C:\ifEL9gTZqYwIrOt
2011-11-09 03:11 . 2011-11-09 03:11 -------- d-----w- C:\lCwkIVrlOtPu
2011-11-09 03:10 . 2011-11-09 03:10 -------- d-----w- C:\Y6ddWK8fR9hTq
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\rPNyyAAuvS2b3mG
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\teekIBrzOyxAuSi
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\pUCeeIIrzONx0vS
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\txA00uvSibFpn5Q
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\RzzONyyA0uS2b3n
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\G5aaQH6dK7
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\PL99hTXqjCkBzNx
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\f66ddWK8fR
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\FAAA1uuvS2ob
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\XQQJJ6dWK8fRLhX
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\qbbFF4pmG5sJ6E8
2011-11-09 03:09 . 2011-11-09 03:09 -------- d-----w- C:\zhhYYXwwjUelItP
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 07:27 . 2011-06-25 18:28 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-06 13:56 . 2011-10-12 18:38 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-13 08:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 08:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 08:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 08:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2010-01-23 14:54 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-26_05.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-27 21:25 . 2011-04-27 21:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
- 2010-10-25 03:25 . 2010-10-25 03:25 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2011-04-18 19:18 . 2011-04-18 19:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2011-11-27 20:12 . 2011-11-27 20:12 9560 c:\windows\system32\networklist\icons\{E2EB7F7D-2561-483F-8793-ED228BC85365}_48.bin
+ 2011-11-27 20:12 . 2011-11-27 20:12 4280 c:\windows\system32\networklist\icons\{E2EB7F7D-2561-483F-8793-ED228BC85365}_32.bin
+ 2011-11-27 20:12 . 2011-11-27 20:12 2456 c:\windows\system32\networklist\icons\{E2EB7F7D-2561-483F-8793-ED228BC85365}_24.bin
+ 2009-07-03 00:04 . 2011-11-27 19:14 331366 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2011-11-27 20:59 618578 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-27 20:59 108982 c:\windows\system32\perfc009.dat
+ 2011-04-18 19:18 . 2011-04-18 19:18 189440 c:\windows\system32\drivers\MpFilter.sys
+ 2011-11-27 20:59 . 2011-11-27 20:59 907776 c:\windows\Installer\8f06d2c.msi
+ 2011-11-27 20:59 . 2011-11-27 20:59 585216 c:\windows\Installer\8f06d26.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a}"= "c:\program files (x86)\The_G.E.T.Team\prxtbThe_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3451f2ea-d4c2-494a-9d09-dc1d7bbcc60a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 68856]
"Gbridge"="c:\program files (x86)\Gbridge LLC\Gbridge\pstartw.exe" [2010-06-10 90912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-17 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-06-24 240288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 uvnc_service_gs;uvnc_service_gs;c:\program files (x86)\Gbridge LLC\Gbridge\gbwinvnc.exe [2010-06-12 1587536]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 22:11]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=dx4200-09
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 10.239.255.254
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\k9jw3zmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2731364&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://lf.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110717&user_guid=8CCA86D2FF474E228D4106C56AC367FF&machine_id=7baf4a46cf682d3766e2b5e0ac5aed8b&browser=FF&os=win&os_version=6.0-x64-SP2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{3451F2EA-D4C2-494A-9D09-DC1D7BBCC60A} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}"=hex:51,66,7a,6c,4c,1d,38,12,28,b9,b1,
5e,21,d7,a9,08,e9,36,2a,eb,0a,ff,3e,f3
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,
5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{3451F2EA-D4C2-494A-9D09-DC1D7BBCC60A}"=hex:51,66,7a,6c,4c,1d,38,12,84,f1,42,
30,f0,9a,24,0c,e2,1f,9f,5d,7e,e2,82,1e
"{008C7F63-D813-4907-B7A1-0221F73F24EC}"=hex:51,66,7a,6c,4c,1d,38,12,0d,7c,9f,
04,21,96,69,0c,c8,b7,41,61,f2,61,60,f8
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}"=hex:51,66,7a,6c,4c,1d,38,12,91,e9,dd,
10,ef,d8,6f,04,d1,21,96,ac,d9,7d,87,e2
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=hex:51,66,7a,6c,4c,1d,38,12,49,4c,04,
a2,cd,51,b8,a4,d6,29,f9,08,a8,03,90,5c
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,
cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{0085D7F3-FF84-497E-A1E3-A654FB06123F}"=hex:51,66,7a,6c,4c,1d,38,12,9d,d4,96,
04,b6,b1,10,0c,de,f5,e5,14,fe,58,56,2b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,7f,1d,52,16,9b,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,47,2b,e6,d4,e7,40,8d,b4,38,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,47,2b,e6,d4,e7,40,8d,b4,38,\
.
[HKEY_USERS\S-1-5-21-1165403192-2655675231-1011383692-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,ed,c0,4f,20,d2,09,84,e6,77,78,bb,cb,34,0d,22,16,29,f9,b2,12,
e5,66,18,57,47,86,8a,81,bf,c2,74,3b,84,a3,0f,23,7a,28,e3,bc,c8,f2,ab,e2,3d,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-11-28 23:33:35
ComboFix-quarantined-files.txt 2011-11-29 05:33
ComboFix2.txt 2011-11-27 19:59
ComboFix3.txt 2011-11-26 13:33
.
Pre-Run: 511,276,150,784 bytes free
Post-Run: 511,469,027,328 bytes free
.
- - End Of File - - 4333BE7AA47779456AAF6248F2BF693D

Some issues still remain. Windows Explorer still shows a lot of bogus file folders. DDS.exe showed 682 file folders in the C drive that were bogus. The CFScript that I believe is used to delete them only had 77 for the C drive. I double-checked the CFScript.txt text file, and most of the folders are not listed, but there was at least one that was, and it was not deleted after running. I watched ComboFix for a while and did watch while it said it was deleting files. But the folder I noticed, c:\A555sQQJ6dE8fR9, is listed in DDS.txt, is not listed in the CFScript.txt, and is still there. If necessary, I will be glad to delete them myself.
IE is no longer redirecting a Google search for Microsoft, but Firefox is. I opened IE, went to google.com, typed "microsoft" in the search box, and one of the results had the previously-visited underline beneath it. I clicked on it, expecting a redirect, but it in fact did go to Microsoft.com. Doing the same thing in FF had me once going to brooderhouse.com, then search.yellowise.com, and the second time tbr.com, followed by search.yellowise.com.
I can handle deleting all those directory entries if necessary, but I need to resolve that last redirect. Windows Security Essentials has not been restarted, and the computer has been disconnected from the Internet. All this was done in regular mode, if that makes a difference. If I need to uninstall Security Essentials and run ComboFix again, just let me know, but I would like to make sure that if we can delete all those directories from the CFScript.txt script, all the entries are there. I am uploading a PNG of Windows Explorer showing some of the bogus folders. Thanks again for your help and patience.

Don

Attached Files






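A way to do the cross-check Don describes in the post above (bogus folders in the DDS/ComboFix listing versus the entries in CFScript.txt), as an added example that is not part of the thread and is not ComboFix or DDS code. It assumes the "created . modified size attrs path" line layout of the "Files Created" section in the log and a CFScript "Folder::" section with one path per line; the junk-name heuristic, the root-folder allowlist and both sample inputs are constructed for this example.

```python
"""Cross-check suspected junk folders in a ComboFix-style listing against a CFScript.

Added example for this thread; not ComboFix or DDS code. The listing layout is the one
seen in the log above, the 'Folder::' / 'File::' CFScript sections are assumed, and the
heuristic only produces candidates for manual review before anything is deleted.
"""
import re

# One listing line: two timestamps, a size or dashes, an 8-char attribute field, the path.
LISTING_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)

# Folders that legitimately live at the drive root (constructed allowlist, lower-case).
ROOT_ALLOWLIST = {"windows", "users", "programdata", "perflogs", "msocache",
                  "recovery", "boot", "intel", "temp"}


def churn(name):
    """Count adjacent characters that switch between lower-case, upper-case and digit."""
    def cls(ch):
        return "d" if ch.isdigit() else ("u" if ch.isupper() else "l")
    return sum(cls(a) != cls(b) for a, b in zip(name, name[1:]))


def is_junk_name(name):
    """9-16 alphanumerics with at least two case/digit switches, like C:\\G9ggTTXqjY."""
    if name.lower() in ROOT_ALLOWLIST:
        return False
    return bool(re.fullmatch(r"[A-Za-z0-9]{9,16}", name)) and churn(name) >= 2


def split_path(path):
    parent, _, name = path.replace("/", "\\").rpartition("\\")
    return parent.lower(), name


def is_suspect_folder(path):
    """Junk-looking name directly under the drive root or under AppData\\Roaming."""
    parent, name = split_path(path)
    at_root = re.fullmatch(r"[a-z]:", parent) is not None
    in_roaming = parent.endswith("\\appdata\\roaming")
    return (at_root or in_roaming) and is_junk_name(name)


def suspect_folders(listing_text):
    """Return suspect directory paths from the listing, in the order they appear."""
    found = []
    for line in listing_text.splitlines():
        m = LISTING_LINE.match(line.strip())
        if not m or not m.group("attrs").startswith("d"):
            continue  # plain files and unparsable lines are ignored
        if is_suspect_folder(m.group("path")):
            found.append(m.group("path"))
    return found


def cfscript_folders(script_text):
    """Paths listed under the 'Folder::' heading, lower-cased for comparison."""
    folders, in_folder_section = set(), False
    for raw in script_text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"[A-Za-z]+::", line):       # any section heading
            in_folder_section = line.lower() == "folder::"
            continue
        if in_folder_section and line:
            folders.add(line.lower())
    return folders


def missing_from_script(listing_text, script_text):
    """Suspect folders from the listing that the CFScript does not name."""
    listed = cfscript_folders(script_text)
    return sorted(p for p in suspect_folders(listing_text) if p.lower() not in listed)


# Constructed sample listing, patterned on the ComboFix log in the thread.
SAMPLE_LISTING = r"""
2011-11-27 20:59 . 2011-11-27 20:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-17 16:31 . 2011-11-17 16:31 111408 ----a-w- c:\windows\system32\drivers\88671586.sys
2011-11-15 19:49 . 2011-11-15 19:49 -------- d-----w- C:\$AVG
2011-11-09 13:38 . 2011-11-09 13:38 -------- d-----w- c:\users\Barbara\AppData\Roaming\UZr1m8k0o7hIyDp
2011-11-09 12:58 . 2011-11-09 13:11 -------- d-----w- c:\programdata\WindowsSearch
2011-11-09 04:20 . 2011-11-09 04:20 -------- d-----w- C:\jlOtycc1vDn4m
2011-11-09 04:19 . 2011-11-09 04:19 -------- d-----w- C:\A555sQQJ6dE8fR9
2011-11-09 04:18 . 2011-11-09 04:18 -------- d-----w- C:\ProgramData
2011-11-09 04:17 . 2011-11-09 04:17 -------- d-----w- c:\users\Barbara\AppData\Roaming\Microsoft
"""

# Constructed CFScript that names only two of the three junk folders above.
SAMPLE_CFSCRIPT = r"""
Folder::
C:\jlOtycc1vDn4m
c:\users\Barbara\AppData\Roaming\UZr1m8k0o7hIyDp

File::
c:\windows\system32\drivers\88671586.sys
"""

if __name__ == "__main__":
    for path in missing_from_script(SAMPLE_LISTING, SAMPLE_CFSCRIPT):
        print("suspect folder not in CFScript:", path)
```

Run against the real listing and script, the printed paths are the ones to raise with the helper before adding them to the script; legitimate folders with odd names can still match the heuristic, so the output is a review list, not a deletion list.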