
ZeroAccess rootkit infection


  • This topic is locked
29 replies to this topic

#1 xpalidocious

  • Members
  • 18 posts

Posted 08 July 2012 - 05:42 PM

Hi

My computer was recently infected with the UK police UKash scam. I was unable to Control-Alt-Delete or start the machine in safe mode. I took the hard disc out, ran it in a USB caddy on another machine, and performed an AVG 2012 Free scan, which found and removed three infections. Now my computer is usable, but I have two problems:
1) I still can't boot in safe mode (it starts but then goes to an apology screen saying there was a problem, and offers the boot choice again).
2) When I click on a link in Google search results, it takes me back to the Google home page with a search word in the box. Other webpages seem to hyperlink OK.
There is also a lot of hard disc activity when I'm not doing anything.
I am running Windows XP Professional Version 2002 SP3 and Firefox 12.
I downloaded the Emsisoft Emergency Kit scanner, which detected about 30 infections and removed 11. I now have C:\WINDOWS\system32\svchost.exe and C:\WINDOWS\system32\winlogon.exe infected with Trojan.Patched!E2. It suggests that these are essential Windows files which can't be quarantined or deleted, so I should come to this forum for advice.

I posted on the 'Am I infected? What should I do?' forum and submitted various logs.

http://www.bleepingcomputer.com/forums/topic459625.html

Broni tells me I am infected with the ZeroAccess rootkit and advised posting on this forum.

Here are the requested logs from step 6 in the guide. Thanks in advance for any help.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 17:59:40 on 2012-07-08
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.388 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
C:\WINDOWS\TEMP\{85A33339-08B3-4C6B-88A3-D74A6ADCD1DE}\InstallFlashPlayer.exe
C:\WINDOWS\TEMP\ICD53.tmp\FP_AX_CAB_INSTALLER64.exe
C:\WINDOWS\TEMP\{5B1233F5-9480-4749-ACA9-D665EBC4C03E}\InstallFlashPlayer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\ICD54.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\{B2AADAB5-3917-4332-8B45-4A4198E734DB}\InstallFlashPlayer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Wallpaper Alterer] c:\program files\wallpaperalterer\WallpaperAlterer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MPlayerForWindows_UpdateReminder] "c:\program files\mplayer for windows\AutoUpdate.exe" /L=1033 /TASK
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Update] c:\windows\system32\er_00_0_l.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235058759082
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6208CDD8-3A8C-4375-A60E-97878CD43D9A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B4872A2D-F8C7-4CBE-9438-546AEE45848B} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ekmqbklh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-27 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [2004-6-25 19584]
S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [2004-6-25 2944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-4 129976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
.
=============== Created Last 30 ================
.
2012-07-08 16:36:16 910 ----a-w- c:\documents and settings\all users\application data\uguqaaa.tmp
2012-07-08 09:44:19 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-07-08 09:43:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-08 09:43:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 09:43:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 19:56:59 -------- d-----w- C:\EMI
2012-07-06 16:17:33 919 ----a-w- c:\documents and settings\all users\application data\qspqaaa.tmp
2012-07-05 22:36:24 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-07-05 22:36:24 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-07-05 22:36:24 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-07-05 22:36:24 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-07-05 22:36:24 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-07-05 22:36:24 6144 ------w- c:\windows\system32\kbd101c.dll
2012-07-05 22:36:24 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-07-05 22:36:24 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-07-05 22:36:17 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-07-05 22:36:17 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-07-05 22:36:15 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-07-05 22:36:15 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-07-04 21:08:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-15 21:36:08 16824 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-06-14 07:19:16 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 16:47:55 -------- d-----w- c:\windows\system32\MpEngineStore
.
==================== Find3M ====================
.
2012-06-27 21:52:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-27 21:52:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:02:21.18 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-08 23:26:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_6L040J2 rev.A93.0500
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgacqfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEE035F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEE035FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEE036080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEE03611C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B44834
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00634834
.text C:\Program Files\Mozilla Firefox\firefox.exe[4504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011DC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4504] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0140E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4504] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0140E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4504] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0140E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
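Added example (not part of the original post, and not a tool from this thread): a small Python triage script that runs a few heuristics over DDS and GMER log lines like those above. The sample lines are copied from the logs in this post; the heuristics (executables running from a TEMP directory, autoruns in system32 that are not on a known-good baseline, fresh .tmp files under All Users\Application Data, and GMER inline hooks with no owning module) and the tiny baseline allowlist are my own assumptions for illustration, so every flag is a prompt for an analyst to look closer, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample: a few lines copied from the DDS and GMER logs posted above,
# mixed so that both benign and suspicious entries are present.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\{85A33339-08B3-4C6B-88A3-D74A6ADCD1DE}\InstallFlashPlayer.exe
C:\WINDOWS\TEMP\ICD53.tmp\FP_AX_CAB_INSTALLER64.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Update] c:\windows\system32\er_00_0_l.exe
2012-07-08 16:36:16 910 ----a-w- c:\documents and settings\all users\application data\uguqaaa.tmp
2012-07-08 09:43:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B44834
.text C:\Program Files\Mozilla Firefox\firefox.exe[4504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011DC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

# Constructed allowlist of system32 autorun binaries expected on this machine. A real
# baseline comes from a known-clean build of the same OS, never from the infected log.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe", "igfxtray.exe", "hkcmd.exe"}

TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
EXE_PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.exe)', re.IGNORECASE)
AUTORUN_RE = re.compile(r"^[umd]Run: \[[^\]]*\]", re.IGNORECASE)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ \S+ (?P<path>.+)$")
# GMER user-mode hook line: ".text <process>[pid] <module>!<function> <addr> N Bytes JMP <addr> [owner]"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<target>\S+!\S+)\s+[0-9a-f]+\s+\d+ Bytes JMP [0-9a-f]+(?P<owner>.*)$",
    re.IGNORECASE,
)

Finding = Tuple[str, str]  # (reason, offending log line)


def triage_line(line: str) -> List[Finding]:
    """Apply each heuristic to one log line and return zero or more findings."""
    findings: List[Finding] = []

    # 1. Running process or autorun entry whose executable lives under a TEMP directory.
    m = EXE_PATH_RE.search(line)
    if m and TEMP_DIR_RE.search(m.group(1)):
        findings.append(("executable running from a TEMP directory", line))

    # 2. Autorun (uRun/mRun/dRun) pointing into system32 at a binary not on the baseline.
    if AUTORUN_RE.match(line) and m:
        path = m.group(1).lower()
        if "\\system32\\" in path and path.rsplit("\\", 1)[-1] not in KNOWN_SYSTEM32_AUTORUNS:
            findings.append(("autorun in system32 not on the known-good baseline", line))

    # 3. Recently created .tmp file dropped under All Users\Application Data.
    c = CREATED_RE.match(line)
    if c:
        path = c.group("path").lower()
        if path.endswith(".tmp") and "\\all users\\application data\\" in path:
            findings.append(("recent .tmp file in All Users\\Application Data", line))

    # 4. GMER inline hook (JMP) for which GMER could not name an owning module.
    h = HOOK_RE.match(line)
    if h and not h.group("owner").strip():
        findings.append(("user-mode inline hook with no owning module", line))

    return findings


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of a DDS/GMER log, in order."""
    out: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            out.extend(triage_line(line))
    return out


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

On the sample above the script leaves the Firefox hooks alone, because GMER attributes them to xul.dll, but flags the CreateProcessInternalW hook in Explorer.EXE, which has no module named as its owner. The "[Update]" autorun is flagged only because er_00_0_l.exe is not on the baseline; confirming what it is (publisher, hash, creation date) is the analyst's next step, which is exactly what the OTL and TDSSKiller logs requested later in this thread provide.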


#2 SweetTech (Agent ST)

  • Members
  • 13,421 posts

Posted 09 July 2012 - 02:37 AM

Hello xpalidocious and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short); it's a pleasure to meet you. :)

I'll be addressing you by your username; if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    svchost.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
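The /md5start block in the OTL instructions above makes OTL record the MD5 hash of ten critical system files so that the analyst can compare them against known-good values. As an added example (my own code, not OTL's and not part of this thread), the Python below does one such comparison locally: it hashes each named file in the live system32 directory and the Windows File Protection copy kept in system32\dllcache, and reports any mismatch, which is the kind of in-place modification behind the Trojan.Patched finding on svchost.exe and winlogon.exe in the first post. The demo() function builds a constructed directory tree in a temporary folder instead of touching real system files; the directory layout and the "patched" file contents are assumptions made for the demonstration.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable

# The same ten file names the /md5start block above asks OTL to hash.
CRITICAL_FILES = [
    "volsnap.sys", "svchost.exe", "atapi.sys", "explorer.exe", "winlogon.exe",
    "wininit.exe", "tdx.sys", "afd.sys", "netbt.sys", "services.exe",
]


def md5_of(path: str) -> str:
    """MD5 of a file, read in chunks so large binaries need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_with_cache(live_dir: str, cache_dir: str, names: Iterable[str]) -> Dict[str, str]:
    """Compare each named file in live_dir with its copy in cache_dir.

    Returns name -> one of 'match', 'MISMATCH', 'no cached copy', 'absent'.
    On Windows XP, live_dir is %SystemRoot%\\system32 (or system32\\drivers for
    .sys files) and cache_dir is the File Protection store %SystemRoot%\\system32\\dllcache.
    """
    verdicts: Dict[str, str] = {}
    for name in names:
        live = os.path.join(live_dir, name)
        cached = os.path.join(cache_dir, name)
        if not os.path.isfile(live):
            verdicts[name] = "absent"
        elif not os.path.isfile(cached):
            verdicts[name] = "no cached copy"
        elif md5_of(live) == md5_of(cached):
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


def demo() -> Dict[str, str]:
    """Constructed scenario (not real system files): svchost.exe and winlogon.exe have
    been modified in place, mirroring the Trojan.Patched finding in the first post."""
    with tempfile.TemporaryDirectory() as root:
        live_dir = os.path.join(root, "system32")
        cache_dir = os.path.join(live_dir, "dllcache")
        os.makedirs(cache_dir)
        pristine = {
            "svchost.exe": b"constructed pristine svchost",
            "winlogon.exe": b"constructed pristine winlogon",
            "explorer.exe": b"constructed pristine explorer",
            "services.exe": b"constructed pristine services",
        }
        for name, data in pristine.items():
            with open(os.path.join(cache_dir, name), "wb") as fh:
                fh.write(data)
            # Simulate an in-place patch of two of the live copies.
            live_data = data + b" <patched>" if name in ("svchost.exe", "winlogon.exe") else data
            with open(os.path.join(live_dir, name), "wb") as fh:
                fh.write(live_data)
        # atapi.sys exists live but has no cached copy, so it cannot be judged this way.
        with open(os.path.join(live_dir, "atapi.sys"), "wb") as fh:
            fh.write(b"constructed atapi")
        return compare_with_cache(live_dir, cache_dir, CRITICAL_FILES)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

A mismatch is a strong signal, but a match is not proof of integrity: malware that patches a system binary can overwrite the cached copy too, and a file with "no cached copy" cannot be judged at all by this method. The authoritative comparison is against hashes taken from install media or a clean machine at the same service-pack and patch level, which is why the analyst asks for the raw hashes rather than a local verdict.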


#3 xpalidocious (Topic Starter)

  • Members
  • 18 posts

Posted 09 July 2012 - 05:02 AM

Hello ST

Thanks for taking the time to look into my computer problems.

No questions yet!

2. TDSSKiller log.

09:39:44.0453 3932 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
09:39:44.0656 3932 ============================================================
09:39:44.0656 3932 Current date / time: 2012/07/09 09:39:44.0656
09:39:44.0656 3932 SystemInfo:
09:39:44.0656 3932
09:39:44.0656 3932 OS Version: 5.1.2600 ServicePack: 3.0
09:39:44.0656 3932 Product type: Workstation
09:39:44.0656 3932 ComputerName: 2CDD64BFB566405
09:39:44.0656 3932 UserName: Administrator
09:39:44.0656 3932 Windows directory: C:\WINDOWS
09:39:44.0656 3932 System windows directory: C:\WINDOWS
09:39:44.0656 3932 Processor architecture: Intel x86
09:39:44.0656 3932 Number of processors: 1
09:39:44.0656 3932 Page size: 0x1000
09:39:44.0656 3932 Boot type: Normal boot
09:39:44.0656 3932 ============================================================
09:39:49.0796 3932 Drive \Device\Harddisk0\DR0 - Size: 0x951CC0000 (37.28 Gb), SectorSize: 0x200, Cylinders: 0x1302, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:39:49.0796 3932 ============================================================
09:39:49.0796 3932 \Device\Harddisk0\DR0:
09:39:49.0796 3932 MBR partitions:
09:39:49.0796 3932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A8D043
09:39:49.0796 3932 ============================================================
09:39:49.0828 3932 C: <-> \Device\Harddisk0\DR0\Partition0
09:39:49.0843 3932 ============================================================
09:39:49.0843 3932 Initialize success
09:39:49.0843 3932 ============================================================
09:41:11.0234 2640 ============================================================
09:41:11.0234 2640 Scan started
09:41:11.0234 2640 Mode: Manual; SigCheck; TDLFS;
09:41:11.0234 2640 ============================================================
09:41:12.0171 2640 Abiosdsk - ok
09:41:12.0203 2640 abp480n5 - ok
09:41:12.0312 2640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:41:14.0703 2640 ACPI - ok
09:41:14.0734 2640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:41:15.0000 2640 ACPIEC - ok
09:41:15.0109 2640 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:41:15.0156 2640 AdobeFlashPlayerUpdateSvc - ok
09:41:15.0171 2640 adpu160m - ok
09:41:15.0562 2640 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
09:41:15.0656 2640 aeaudio - ok
09:41:15.0687 2640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:41:16.0046 2640 aec - ok
09:41:16.0125 2640 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:41:16.0328 2640 AFD - ok
09:41:16.0343 2640 Aha154x - ok
09:41:16.0375 2640 aic78u2 - ok
09:41:16.0406 2640 aic78xx - ok
09:41:16.0453 2640 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:41:16.0718 2640 Alerter - ok
09:41:16.0750 2640 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:41:16.0921 2640 ALG - ok
09:41:16.0937 2640 AliIde - ok
09:41:16.0968 2640 amsint - ok
09:41:17.0062 2640 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:41:17.0093 2640 Apple Mobile Device - ok
09:41:17.0156 2640 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:41:17.0328 2640 AppMgmt - ok
09:41:17.0343 2640 asc - ok
09:41:17.0359 2640 asc3350p - ok
09:41:17.0390 2640 asc3550 - ok
09:41:17.0421 2640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:41:17.0671 2640 AsyncMac - ok
09:41:17.0765 2640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:41:18.0234 2640 atapi - ok
09:41:18.0265 2640 Atdisk - ok
09:41:18.0312 2640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:41:18.0625 2640 Atmarpc - ok
09:41:18.0671 2640 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:41:18.0984 2640 AudioSrv - ok
09:41:19.0031 2640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:41:19.0296 2640 audstub - ok
09:41:19.0843 2640 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
09:41:20.0515 2640 AVGIDSAgent - ok
09:41:20.0625 2640 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
09:41:20.0765 2640 AVGIDSDriver - ok
09:41:20.0812 2640 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
09:41:20.0843 2640 AVGIDSEH - ok
09:41:20.0875 2640 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
09:41:20.0906 2640 AVGIDSFilter - ok
09:41:20.0921 2640 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
09:41:20.0968 2640 AVGIDSShim - ok
09:41:21.0000 2640 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:41:21.0093 2640 Avgldx86 - ok
09:41:21.0125 2640 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:41:21.0156 2640 Avgmfx86 - ok
09:41:21.0203 2640 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:41:21.0250 2640 Avgrkx86 - ok
09:41:21.0312 2640 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:41:21.0359 2640 Avgtdix - ok
09:41:21.0546 2640 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:41:21.0609 2640 avgwd - ok
09:41:21.0671 2640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:41:22.0140 2640 Beep - ok
09:41:22.0343 2640 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:41:22.0718 2640 BITS - ok
09:41:22.0828 2640 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:41:22.0875 2640 Bonjour Service - ok
09:41:22.0921 2640 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:41:23.0171 2640 Browser - ok
09:41:23.0218 2640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:41:23.0531 2640 cbidf2k - ok
09:41:23.0546 2640 cd20xrnt - ok
09:41:23.0593 2640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:41:23.0937 2640 Cdaudio - ok
09:41:23.0968 2640 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:41:24.0546 2640 Cdfs - ok
09:41:24.0625 2640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:41:25.0031 2640 Cdrom - ok
09:41:25.0109 2640 Changer - ok
09:41:25.0156 2640 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:41:25.0484 2640 CiSvc - ok
09:41:25.0531 2640 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:41:26.0421 2640 ClipSrv - ok
09:41:26.0468 2640 CmdIde - ok
09:41:26.0515 2640 COMSysApp - ok
09:41:26.0609 2640 Cpqarray - ok
09:41:26.0671 2640 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:41:27.0203 2640 CryptSvc - ok
09:41:27.0218 2640 dac2w2k - ok
09:41:27.0234 2640 dac960nt - ok
09:41:27.0359 2640 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:41:27.0546 2640 DcomLaunch - ok
09:41:27.0609 2640 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:41:27.0921 2640 Dhcp - ok
09:41:27.0968 2640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:41:28.0593 2640 Disk - ok
09:41:28.0625 2640 dmadmin - ok
09:41:28.0828 2640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:41:29.0234 2640 dmboot - ok
09:41:29.0343 2640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:41:29.0687 2640 dmio - ok
09:41:29.0734 2640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:41:30.0296 2640 dmload - ok
09:41:30.0390 2640 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:41:30.0875 2640 dmserver - ok
09:41:30.0953 2640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:41:31.0234 2640 DMusic - ok
09:41:31.0281 2640 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:41:31.0390 2640 Dnscache - ok
09:41:31.0437 2640 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:41:31.0718 2640 Dot3svc - ok
09:41:31.0734 2640 dpti2o - ok
09:41:31.0765 2640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:41:32.0500 2640 drmkaud - ok
09:41:32.0578 2640 E1000 (a8b3ec8ee13cbe14f067c72110155a1b) C:\WINDOWS\system32\DRIVERS\e1000325.sys
09:41:32.0718 2640 E1000 - ok
09:41:32.0781 2640 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:41:33.0171 2640 EapHost - ok
09:41:33.0187 2640 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:41:33.0515 2640 ERSvc - ok
09:41:33.0578 2640 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:41:33.0656 2640 Eventlog - ok
09:41:33.0703 2640 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:41:33.0906 2640 EventSystem - ok
09:41:33.0984 2640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:41:34.0703 2640 Fastfat - ok
09:41:34.0796 2640 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:41:35.0000 2640 FastUserSwitchingCompatibility - ok
09:41:35.0093 2640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:41:35.0593 2640 Fdc - ok
09:41:35.0640 2640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:41:35.0984 2640 Fips - ok
09:41:36.0015 2640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:41:36.0546 2640 Flpydisk - ok
09:41:36.0734 2640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:41:37.0437 2640 FltMgr - ok
09:41:37.0484 2640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:41:38.0031 2640 Fs_Rec - ok
09:41:38.0125 2640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:41:38.0703 2640 Ftdisk - ok
09:41:38.0734 2640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:41:38.0812 2640 GEARAspiWDM - ok
09:41:38.0859 2640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:41:39.0359 2640 Gpc - ok
09:41:39.0421 2640 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
09:41:39.0953 2640 grmnusb - ok
09:41:40.0078 2640 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:41:40.0187 2640 gupdate - ok
09:41:40.0234 2640 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:41:40.0296 2640 gupdatem - ok
09:41:40.0437 2640 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:41:41.0265 2640 helpsvc - ok
09:41:41.0281 2640 HidServ - ok
09:41:41.0343 2640 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:41:41.0718 2640 hkmsvc - ok
09:41:41.0734 2640 hpn - ok
09:41:41.0875 2640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:41:42.0093 2640 HTTP - ok
09:41:42.0125 2640 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:41:42.0828 2640 HTTPFilter - ok
09:41:42.0875 2640 humaxfl (9de82cb89d5dc2fa881a5a5826143cfd) C:\WINDOWS\system32\DRIVERS\humaxfl.sys
09:41:42.0984 2640 humaxfl ( UnsignedFile.Multi.Generic ) - warning
09:41:42.0984 2640 humaxfl - detected UnsignedFile.Multi.Generic (1)
09:41:43.0000 2640 humaxst (833d30d3e4d4acf19af9b10db6ad9a10) C:\WINDOWS\system32\DRIVERS\humaxst.sys
09:41:43.0109 2640 humaxst ( UnsignedFile.Multi.Generic ) - warning
09:41:43.0109 2640 humaxst - detected UnsignedFile.Multi.Generic (1)
09:41:43.0125 2640 i2omgmt - ok
09:41:43.0140 2640 i2omp - ok
09:41:43.0250 2640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:41:43.0625 2640 i8042prt - ok
09:41:43.0828 2640 ialm (3ca41cdb9c912aed354b0c7abe4a4654) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:41:44.0046 2640 ialm ( UnsignedFile.Multi.Generic ) - warning
09:41:44.0046 2640 ialm - detected UnsignedFile.Multi.Generic (1)
09:41:44.0109 2640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:41:44.0703 2640 Imapi - ok
09:41:44.0828 2640 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:41:45.0546 2640 ImapiService - ok
09:41:45.0578 2640 ini910u - ok
09:41:45.0671 2640 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:41:46.0046 2640 IntelIde - ok
09:41:46.0140 2640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:41:46.0765 2640 intelppm - ok
09:41:46.0812 2640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:41:47.0328 2640 Ip6Fw - ok
09:41:47.0390 2640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:41:48.0109 2640 IpFilterDriver - ok
09:41:48.0125 2640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:41:48.0515 2640 IpInIp - ok
09:41:48.0593 2640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:41:49.0687 2640 IpNat - ok
09:41:49.0968 2640 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
09:41:50.0078 2640 iPod Service - ok
09:41:50.0171 2640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:41:51.0640 2640 IPSec - ok
09:41:51.0703 2640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:41:51.0843 2640 IRENUM - ok
09:41:51.0937 2640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:41:52.0343 2640 isapnp - ok
09:41:52.0625 2640 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
09:41:52.0734 2640 JavaQuickStarterService - ok
09:41:52.0828 2640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:41:53.0812 2640 Kbdclass - ok
09:41:54.0000 2640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:41:54.0671 2640 kmixer - ok
09:41:54.0750 2640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:41:55.0015 2640 KSecDD - ok
09:41:55.0109 2640 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:41:55.0375 2640 LanmanServer - ok
09:41:55.0515 2640 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:41:55.0734 2640 lanmanworkstation - ok
09:41:55.0765 2640 lbrtfdc - ok
09:41:55.0843 2640 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:41:56.0343 2640 LmHosts - ok
09:41:56.0406 2640 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:41:56.0859 2640 Messenger - ok
09:41:56.0921 2640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:41:57.0734 2640 mnmdd - ok
09:41:57.0843 2640 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:41:58.0640 2640 mnmsrvc - ok
09:41:58.0718 2640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:41:59.0125 2640 Modem - ok
09:41:59.0187 2640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:41:59.0593 2640 Mouclass - ok
09:41:59.0625 2640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:42:00.0093 2640 MountMgr - ok
09:42:00.0171 2640 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:42:00.0281 2640 MozillaMaintenance - ok
09:42:00.0312 2640 mraid35x - ok
09:42:00.0437 2640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:42:01.0031 2640 MRxDAV - ok
09:42:01.0234 2640 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:42:01.0500 2640 MRxSmb - ok
09:42:01.0562 2640 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:42:01.0906 2640 MSDTC - ok
09:42:01.0953 2640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:42:02.0312 2640 Msfs - ok
09:42:02.0328 2640 MSIServer - ok
09:42:02.0390 2640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:42:02.0937 2640 MSKSSRV - ok
09:42:02.0968 2640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:42:03.0390 2640 MSPCLOCK - ok
09:42:03.0421 2640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:42:03.0718 2640 MSPQM - ok
09:42:03.0781 2640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:42:04.0187 2640 mssmbios - ok
09:42:04.0281 2640 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:42:04.0421 2640 Mup - ok
09:42:04.0484 2640 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:42:04.0984 2640 napagent - ok
09:42:05.0171 2640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:42:05.0609 2640 NDIS - ok
09:42:05.0671 2640 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:42:05.0812 2640 NdisTapi - ok
09:42:05.0843 2640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:42:06.0140 2640 Ndisuio - ok
09:42:06.0218 2640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:42:06.0718 2640 NdisWan - ok
09:42:06.0796 2640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:42:07.0140 2640 NDProxy - ok
09:42:07.0187 2640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:42:07.0546 2640 NetBIOS - ok
09:42:07.0578 2640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:42:07.0937 2640 NetBT - ok
09:42:08.0000 2640 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:42:08.0468 2640 NetDDE - ok
09:42:08.0484 2640 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:42:08.0796 2640 NetDDEdsdm - ok
09:42:08.0843 2640 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:42:09.0421 2640 Netlogon - ok
09:42:09.0531 2640 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:42:09.0875 2640 Netman - ok
09:42:09.0953 2640 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:42:10.0109 2640 Nla - ok
09:42:10.0187 2640 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
09:42:10.0703 2640 nm - ok
09:42:10.0765 2640 NPF (c5f0202a00227aecb69e722c52385ffc) C:\WINDOWS\system32\drivers\npf.sys
09:42:10.0859 2640 NPF - ok
09:42:10.0890 2640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:42:11.0250 2640 Npfs - ok
09:42:11.0437 2640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:42:11.0843 2640 Ntfs - ok
09:42:11.0875 2640 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:42:12.0562 2640 NtLmSsp - ok
09:42:12.0781 2640 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:42:13.0390 2640 NtmsSvc - ok
09:42:13.0437 2640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:42:14.0031 2640 Null - ok
09:42:14.0062 2640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:42:14.0500 2640 NwlnkFlt - ok
09:42:14.0515 2640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:42:15.0062 2640 NwlnkFwd - ok
09:42:15.0125 2640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:42:15.0750 2640 Parport - ok
09:42:15.0812 2640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:42:16.0328 2640 PartMgr - ok
09:42:16.0375 2640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:42:16.0796 2640 ParVdm - ok
09:42:16.0843 2640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:42:17.0406 2640 PCI - ok
09:42:17.0437 2640 PCIDump - ok
09:42:17.0468 2640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
09:42:17.0812 2640 PCIIde - ok
09:42:17.0890 2640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:42:18.0250 2640 Pcmcia - ok
09:42:18.0250 2640 PDCOMP - ok
09:42:18.0281 2640 PDFRAME - ok
09:42:18.0328 2640 PDRELI - ok
09:42:18.0343 2640 PDRFRAME - ok
09:42:18.0359 2640 perc2 - ok
09:42:18.0390 2640 perc2hib - ok
09:42:18.0468 2640 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:42:18.0703 2640 PlugPlay - ok
09:42:18.0734 2640 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:42:19.0062 2640 PolicyAgent - ok
09:42:19.0671 2640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:42:20.0015 2640 PptpMiniport - ok
09:42:20.0031 2640 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:42:20.0296 2640 ProtectedStorage - ok
09:42:20.0328 2640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:42:20.0671 2640 PSched - ok
09:42:20.0718 2640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:42:21.0031 2640 Ptilink - ok
09:42:21.0078 2640 ql1080 - ok
09:42:21.0171 2640 Ql10wnt - ok
09:42:21.0281 2640 ql12160 - ok
09:42:21.0328 2640 ql1240 - ok
09:42:21.0375 2640 ql1280 - ok
09:42:21.0421 2640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:42:21.0843 2640 RasAcd - ok
09:42:21.0906 2640 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:42:22.0359 2640 RasAuto - ok
09:42:22.0406 2640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:42:23.0015 2640 Rasl2tp - ok
09:42:23.0109 2640 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:42:23.0562 2640 RasMan - ok
09:42:23.0609 2640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:42:23.0984 2640 RasPppoe - ok
09:42:24.0031 2640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:42:24.0453 2640 Raspti - ok
09:42:24.0546 2640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:42:25.0093 2640 Rdbss - ok
09:42:25.0125 2640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:42:25.0609 2640 RDPCDD - ok
09:42:25.0718 2640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:42:26.0015 2640 rdpdr - ok
09:42:26.0062 2640 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:42:26.0234 2640 RDPWD - ok
09:42:26.0281 2640 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:42:26.0640 2640 RDSessMgr - ok
09:42:26.0734 2640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:42:27.0156 2640 redbook - ok
09:42:27.0234 2640 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:42:27.0531 2640 RemoteAccess - ok
09:42:27.0609 2640 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:42:27.0875 2640 RemoteRegistry - ok
09:42:27.0968 2640 rpcapd (5380f54faa2d980c9c9a65e87a3cd7f1) C:\Program Files\WinPcap\rpcapd.exe
09:42:28.0046 2640 rpcapd - ok
09:42:28.0125 2640 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:42:28.0531 2640 RpcLocator - ok
09:42:28.0640 2640 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:42:29.0359 2640 RpcSs - ok
09:42:29.0453 2640 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:42:29.0953 2640 RSVP - ok
09:42:30.0078 2640 rtl8185 (4a6e7cd1aafdd88a6df6348e277951c2) C:\WINDOWS\system32\DRIVERS\rtl8185.sys
09:42:30.0171 2640 rtl8185 ( UnsignedFile.Multi.Generic ) - warning
09:42:30.0171 2640 rtl8185 - detected UnsignedFile.Multi.Generic (1)
09:42:30.0203 2640 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:42:30.0562 2640 SamSs - ok
09:42:30.0625 2640 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:42:31.0218 2640 SCardSvr - ok
09:42:31.0343 2640 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:42:31.0671 2640 Schedule - ok
09:42:31.0750 2640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:42:32.0078 2640 Secdrv - ok
09:42:32.0156 2640 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:42:32.0671 2640 seclogon - ok
09:42:32.0703 2640 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:42:33.0062 2640 SENS - ok
09:42:33.0093 2640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:42:33.0500 2640 serenum - ok
09:42:33.0625 2640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:42:34.0062 2640 Serial - ok
09:42:34.0125 2640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:42:34.0437 2640 Sfloppy - ok
09:42:34.0531 2640 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:42:35.0031 2640 SharedAccess - ok
09:42:35.0078 2640 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:42:35.0203 2640 ShellHWDetection - ok
09:42:35.0234 2640 Simbad - ok
09:42:35.0312 2640 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
09:42:35.0406 2640 smwdm - ok
09:42:35.0421 2640 Sparrow - ok
09:42:35.0453 2640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:42:35.0703 2640 splitter - ok
09:42:36.0046 2640 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:42:36.0171 2640 Spooler - ok
09:42:36.0281 2640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:42:36.0437 2640 sr - ok
09:42:36.0515 2640 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:42:36.0718 2640 srservice - ok
09:42:36.0781 2640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:42:36.0984 2640 Srv - ok
09:42:37.0062 2640 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:42:37.0234 2640 SSDPSRV - ok
09:42:37.0343 2640 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:42:38.0125 2640 stisvc - ok
09:42:38.0187 2640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:42:38.0734 2640 swenum - ok
09:42:38.0828 2640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:42:39.0421 2640 swmidi - ok
09:42:39.0453 2640 SwPrv - ok
09:42:39.0468 2640 symc810 - ok
09:42:39.0500 2640 symc8xx - ok
09:42:39.0515 2640 sym_hi - ok
09:42:39.0546 2640 sym_u3 - ok
09:42:39.0609 2640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:42:40.0000 2640 sysaudio - ok
09:42:40.0046 2640 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:42:40.0468 2640 SysmonLog - ok
09:42:40.0546 2640 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:42:40.0984 2640 TapiSrv - ok
09:42:41.0109 2640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:42:41.0671 2640 Tcpip - ok
09:42:41.0781 2640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:42:42.0375 2640 TDPIPE - ok
09:42:42.0437 2640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:42:43.0281 2640 TDTCP - ok
09:42:43.0328 2640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:42:43.0828 2640 TermDD - ok
09:42:43.0906 2640 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:42:44.0375 2640 TermService - ok
09:42:44.0468 2640 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:42:44.0875 2640 Themes - ok
09:42:44.0953 2640 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:42:45.0984 2640 TlntSvr - ok
09:42:46.0000 2640 TosIde - ok
09:42:46.0093 2640 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:42:46.0593 2640 TrkWks - ok
09:42:46.0734 2640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:42:47.0421 2640 Udfs - ok
09:42:47.0437 2640 ultra - ok
09:42:47.0781 2640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:42:48.0218 2640 Update - ok
09:42:48.0281 2640 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:42:48.0656 2640 upnphost - ok
09:42:48.0734 2640 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:42:49.0343 2640 UPS - ok
09:42:49.0390 2640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:42:50.0140 2640 usbehci - ok
09:42:50.0250 2640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:42:50.0921 2640 usbhub - ok
09:42:51.0000 2640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:42:52.0234 2640 usbscan - ok
09:42:52.0281 2640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:42:52.0781 2640 USBSTOR - ok
09:42:52.0828 2640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:42:53.0125 2640 usbuhci - ok
09:42:53.0203 2640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:42:53.0718 2640 VgaSave - ok
09:42:53.0750 2640 ViaIde - ok
09:42:53.0843 2640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:42:54.0218 2640 VolSnap - ok
09:42:54.0312 2640 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:42:54.0515 2640 VSS - ok
09:42:54.0562 2640 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:42:54.0937 2640 W32Time - ok
09:42:55.0000 2640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:42:55.0484 2640 Wanarp - ok
09:42:55.0500 2640 WDICA - ok
09:42:55.0531 2640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:42:55.0890 2640 wdmaud - ok
09:42:55.0968 2640 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:42:56.0453 2640 WebClient - ok
09:42:56.0562 2640 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:42:57.0125 2640 winmgmt - ok
09:42:57.0234 2640 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:42:57.0500 2640 WmdmPmSN - ok
09:42:57.0718 2640 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:42:58.0031 2640 Wmi - ok
09:42:58.0140 2640 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:42:58.0578 2640 WmiApSrv - ok
09:42:58.0968 2640 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:42:59.0437 2640 WMPNetworkSvc - ok
09:42:59.0484 2640 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:42:59.0968 2640 wscsvc - ok
09:43:00.0000 2640 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:43:00.0437 2640 wuauserv - ok
09:43:00.0515 2640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:43:00.0625 2640 WudfPf - ok
09:43:00.0671 2640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:43:01.0078 2640 WudfRd - ok
09:43:01.0140 2640 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:43:01.0406 2640 WudfSvc - ok
09:43:01.0859 2640 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:43:02.0609 2640 WZCSVC - ok
09:43:02.0765 2640 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:43:03.0625 2640 xmlprov - ok
09:43:03.0812 2640 ZD1211U(ZyDAS) (2a1274b9e7d71216b0fb5e998498d2e4) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
09:43:04.0046 2640 ZD1211U(ZyDAS) - ok
09:43:04.0078 2640 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
09:43:04.0281 2640 ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - warning
09:43:04.0343 2640 ZDPNDIS5 - detected UnsignedFile.Multi.Generic (1)
09:43:04.0468 2640 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:43:06.0375 2640 \Device\Harddisk0\DR0 - ok
09:43:06.0437 2640 Boot (0x1200) (a885fe20808d7dda2203056d87adb45a) \Device\Harddisk0\DR0\Partition0
09:43:06.0437 2640 \Device\Harddisk0\DR0\Partition0 - ok
09:43:06.0453 2640 ============================================================
09:43:06.0453 2640 Scan finished
09:43:06.0500 2640 ============================================================
09:43:06.0671 1480 Detected object count: 5
09:43:06.0671 1480 Actual detected object count: 5
09:43:48.0671 1480 humaxfl ( UnsignedFile.Multi.Generic ) - skipped by user
09:43:48.0671 1480 humaxfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:43:48.0671 1480 humaxst ( UnsignedFile.Multi.Generic ) - skipped by user
09:43:48.0671 1480 humaxst ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:43:48.0671 1480 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
09:43:48.0671 1480 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:43:48.0703 1480 rtl8185 ( UnsignedFile.Multi.Generic ) - skipped by user
09:43:48.0703 1480 rtl8185 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:43:48.0703 1480 ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
09:43:48.0703 1480 ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:50:50.0546 3132 Deinitialize success

3. Farbar Service Scanner log.

Farbar Service Scanner Version: 08-07-2012
Ran by Administrator (administrator) on 09-07-2012 at 09:55:45
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0039424 ____A (Microsoft Corporation) EBE97CBBB0C6A80B6BF1F31EDDFFDE28

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

4. OTL.txt & Extras.txt logs.

OTL logfile created on: 09/07/2012 10:01:34 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1021.99 Mb Total Physical Memory | 267.13 Mb Available Physical Memory | 26.14% Memory free
1.66 Gb Paging File | 0.80 Gb Available in Paging File | 48.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 5.52 Gb Free Space | 14.80% Space Free | Partition Type: NTFS

Computer Name: 2CDD64BFB566405 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/09 09:59:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2012/07/09 09:40:22 | 009,225,928 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\{CBA7D597-2EEC-4940-808F-938248376E69}\InstallFlashPlayer.exe
PRC - [2012/07/09 09:39:29 | 009,225,928 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\{921E24F5-064D-402E-A9B6-E11FAECC4F83}\InstallFlashPlayer.exe
PRC - [2012/07/09 09:31:17 | 009,225,928 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\{9ED7AFD3-9DF7-4F31-BA97-D701570D53E4}\InstallFlashPlayer.exe
PRC - [2012/07/04 22:07:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/27 12:54:02 | 000,156,320 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\ICD61.tmp\FP_AX_CAB_INSTALLER64.exe
PRC - [2012/04/27 12:54:02 | 000,156,320 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\ICD60.tmp\FP_AX_CAB_INSTALLER64.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/05 18:18:49 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/14 13:00:00 | 001,058,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/10 12:05:18 | 000,393,216 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/04 22:07:22 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/27 22:52:24 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/03/26 20:47:33 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2004/07/10 12:05:18 | 000,393,216 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
MOD - [2004/07/10 12:05:06 | 000,040,960 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.dll
MOD - [2004/06/29 14:14:00 | 000,196,608 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll
MOD - [2004/03/05 16:00:58 | 000,155,648 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ssleay32.dll
MOD - [2004/03/05 16:00:26 | 000,827,392 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/04 22:07:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/27 22:52:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/12/23 16:35:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/12/23 16:35:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/14 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/07/05 23:38:06 | 000,233,472 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2004/06/25 01:31:28 | 000,019,584 | ---- | M] (HUMAX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\humaxfl.sys -- (humaxfl)
DRV - [2004/06/25 01:31:28 | 000,002,944 | ---- | M] (HUMAX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\humaxst.sys -- (humaxst)
DRV - [2004/01/14 12:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390067357-1993962763-1644491937-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1390067357-1993962763-1644491937-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1390067357-1993962763-1644491937-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1390067357-1993962763-1644491937-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-1993962763-1644491937-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/02/08 16:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/08 16:22:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/04 22:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 22:07:27 | 000,000,000 | ---D | M]

[2009/09/03 17:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/06/15 22:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekmqbklh.default\extensions
[2010/01/08 18:20:24 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekmqbklh.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010/01/08 18:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekmqbklh.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2012/07/04 22:08:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/04 22:07:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/04 22:07:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/07/04 22:07:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/04 22:07:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/07/04 22:07:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/07/04 22:07:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/07/04 22:07:17 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MPlayerForWindows_UpdateReminder] C:\Program Files\MPlayer for Windows\AutoUpdate.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\er_00_0_l.exe File not found
O4 - HKU\S-1-5-21-1390067357-1993962763-1644491937-500..\Run: [Wallpaper Alterer] C:\Program Files\WallpaperAlterer\WallpaperAlterer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1993962763-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235058759082 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6208CDD8-3A8C-4375-A60E-97878CD43D9A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4872A2D-F8C7-4CBE-9438-546AEE45848B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/19 16:22:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)



ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 17:59:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/07/08 10:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/07/08 10:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/08 10:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/08 10:43:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/08 10:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/08 09:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Bleeping logs
[2012/07/06 20:56:59 | 000,000,000 | ---D | C] -- C:\EMI
[2012/07/05 23:36:24 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2012/07/05 23:36:24 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2012/07/05 23:36:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2012/07/05 23:36:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2012/07/05 23:36:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2012/07/05 23:36:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2012/07/05 23:36:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2012/07/05 23:36:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2012/07/05 23:36:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2012/07/05 23:36:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2012/07/05 23:36:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2012/07/05 23:36:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2012/07/04 22:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/04 22:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/14 08:19:16 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/13 17:47:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2012/06/13 17:25:18 | 072,782,880 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\My Documents\msert.exe
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/09 10:13:03 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/09 09:51:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/09 09:21:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/09 09:21:28 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/09 09:21:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/08 17:57:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/07/08 16:43:49 | 002,220,899 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\pspbrwse.jbf
[2012/07/08 16:43:25 | 000,093,416 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Pic 003.jpg
[2012/07/08 16:42:26 | 000,138,033 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Spring 2012 051.jpg
[2012/07/08 10:43:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 10:55:22 | 001,035,516 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\emisoft malware.psp
[2012/07/07 08:10:40 | 101,250,975 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/05 22:38:19 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/04 21:05:03 | 000,546,462 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Picture 001.jpg
[2012/07/04 21:05:03 | 000,543,776 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\75. Spring 2012 051.jpg
[2012/07/04 21:05:03 | 000,542,699 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Picture 003.jpg
[2012/07/04 21:05:03 | 000,537,960 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Picture 002.jpg
[2012/06/28 13:10:22 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/06/27 22:52:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/27 22:52:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/15 20:09:15 | 000,243,795 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Inghams Itinerary.pdf
[2012/06/15 16:30:27 | 000,134,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/06/15 11:49:30 | 000,068,270 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\FLPC2011.jpg
[2012/06/15 11:44:59 | 000,068,793 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\FLPC2010.jpg
[2012/06/15 10:19:57 | 000,245,916 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\boardingDocs.pdf
[2012/06/15 09:53:04 | 000,640,371 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\P1060491.jpg
[2012/06/14 14:19:07 | 000,083,042 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Model Railway.jpg
[2012/06/14 08:34:01 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 08:28:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/13 20:31:14 | 001,782,235 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\virus4.psp
[2012/06/13 17:55:22 | 001,755,501 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\virus2.psp
[2012/06/13 17:33:44 | 000,412,095 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mss result.psp
[2012/06/13 17:16:24 | 072,782,880 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\My Documents\msert.exe
[2012/06/13 16:16:13 | 000,751,649 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\virii june 12.psp
[2012/06/11 16:29:48 | 001,555,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\P1060533.JPG
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/08 17:57:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/07/08 16:43:24 | 000,093,416 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Pic 003.jpg
[2012/07/08 16:42:26 | 000,138,033 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Spring 2012 051.jpg
[2012/07/08 10:43:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 10:55:22 | 001,035,516 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\emisoft malware.psp
[2012/07/04 22:07:31 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/04 21:05:03 | 000,546,462 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Picture 001.jpg
[2012/07/04 21:05:03 | 000,543,776 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\75. Spring 2012 051.jpg
[2012/07/04 21:05:03 | 000,542,699 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Picture 003.jpg
[2012/07/04 21:05:03 | 000,537,960 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Picture 002.jpg
[2012/06/15 20:09:15 | 000,243,795 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Inghams Itinerary.pdf
[2012/06/15 11:49:30 | 000,068,270 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\FLPC2011.jpg
[2012/06/15 11:44:58 | 000,068,793 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\FLPC2010.jpg
[2012/06/15 10:19:57 | 000,245,916 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\boardingDocs.pdf
[2012/06/14 14:19:07 | 000,083,042 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Model Railway.jpg
[2012/06/14 14:11:35 | 001,555,112 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\P1060533.JPG
[2012/06/14 14:11:02 | 000,640,371 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\P1060491.jpg
[2012/06/14 14:09:54 | 001,414,134 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\P1060386.JPG
[2012/06/13 20:31:14 | 001,782,235 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\virus4.psp
[2012/06/13 17:55:22 | 001,755,501 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\virus2.psp
[2012/06/13 17:33:44 | 000,412,095 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mss result.psp
[2012/06/13 16:16:13 | 000,751,649 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\virii june 12.psp
[2012/05/30 23:14:40 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5d0a6a55-5ee5-717c-7afa-62c9a2dcb1a9}\L\00000004.@
[2012/04/16 20:57:57 | 000,018,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/15 17:57:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/05/30 19:15:37 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/14 13:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5d0a6a55-5ee5-717c-7afa-62c9a2dcb1a9}\@

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009/02/19 17:10:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/02/19 17:10:26 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/02/19 17:10:26 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/05/02 14:46:36 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011/02/16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/10/16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 13:00:00 | 001,058,304 | ---- | M] (Microsoft Corporation) MD5=E69F74E7559F7D466415C9524616D5C3 -- C:\WINDOWS\explorer.exe
[2008/04/14 13:00:00 | 001,058,304 | ---- | M] (Microsoft Corporation) MD5=E69F74E7559F7D466415C9524616D5C3 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETBT.SYS >
[2008/04/14 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/14 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 13:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=EBE97CBBB0C6A80B6BF1F31EDDFFDE28 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/14 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 13:00:00 | 000,544,768 | ---- | M] (Microsoft Corporation) MD5=B9B233C657BD5E2355FA76A3FD98CFA6 -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/04 22:07:17 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/04 22:07:17 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/04 22:07:17 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/04 22:07:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/04 22:07:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/04 22:07:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/04 22:07:17 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/04 22:07:17 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/04 22:07:17 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/04 22:07:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/04 22:07:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/04 22:07:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 09/07/2012 10:01:34 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1021.99 Mb Total Physical Memory | 267.13 Mb Available Physical Memory | 26.14% Memory free
1.66 Gb Paging File | 0.80 Gb Available in Paging File | 48.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 5.52 Gb Free Space | 14.80% Space Free | Partition Type: NTFS

Computer Name: 2CDD64BFB566405 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1390067357-1993962763-1644491937-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Jessops Photo] -- "C:\Program Files\Jessops Photo\Jessops Photo\Jessops Photo.exe" "%1" ()
Directory [Photo Show] -- "C:\Program Files\Jessops Photo\Jessops Photo\Photo Show.exe" -d "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java™ SE Development Kit 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11g Wireless LAN - USB
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC1F9422-E734-4AF2-B5B0-F33D3DE50384}" = MapSource - MetroGuide Europe v7
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{D8FF6E29-36B4-474F-A88F-973087650C00}" = CyberView X - SF v1.04
"{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}" = MPlayer for Windows (Full Package)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"FileZilla Client" = FileZilla Client 3.5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{AC1F9422-E734-4AF2-B5B0-F33D3DE50384}" = MapSource - MetroGuide Europe v7
"IrfanView" = IrfanView (remove only)
"Jessops Photo" = Jessops Photo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Media eLinker" = Media eLinker
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteWorthy Composer" = NoteWorthy Composer
"Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"VLC media player" = VLC media player 1.1.4
"Wallpaper Alterer" = Wallpaper Alterer 1.0
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.1 beta5
"Wireshark" = Wireshark 1.2.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390067357-1993962763-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/07/2030 14:53:34 | Computer Name = 2CDD64BFB566405 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 04/07/2012 17:04:28 | Computer Name = 2CDD64BFB566405 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19258, fault address 0x00088fc7.

Error - 07/07/2012 05:50:48 | Computer Name = 2CDD64BFB566405 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19258, fault address 0x00024219.

Error - 07/07/2012 17:33:37 | Computer Name = 2CDD64BFB566405 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19258, fault address 0x000e0c5c.

Error - 07/07/2012 18:00:02 | Computer Name = 2CDD64BFB566405 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00036dab.

Error - 08/07/2012 05:14:29 | Computer Name = 2CDD64BFB566405 | Source = Application Hang | ID = 1002
Description = Hanging application MiniToolBox.exe, version 3.3.8.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/07/2012 05:20:21 | Computer Name = 2CDD64BFB566405 | Source = Application Hang | ID = 1002
Description = Hanging application MiniToolBox.exe, version 3.3.8.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/07/2012 05:33:10 | Computer Name = 2CDD64BFB566405 | Source = Application Hang | ID = 1002
Description = Hanging application MiniToolBox.exe, version 3.3.8.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/07/2012 05:37:00 | Computer Name = 2CDD64BFB566405 | Source = Application Hang | ID = 1002
Description = Hanging application MiniToolBox.exe, version 3.3.8.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/07/2012 05:39:24 | Computer Name = 2CDD64BFB566405 | Source = Application Hang | ID = 1002
Description = Hanging application MiniToolBox.exe, version 3.3.8.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 07/07/2012 06:59:52 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00160A18C5F8. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 07/07/2012 17:08:05 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00160A18C5F8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 08/07/2012 02:31:47 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00160A18C5F8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 08/07/2012 03:55:36 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00160A18C5F8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 08/07/2012 06:57:11 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00160A18C5F8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 08/07/2012 11:25:34 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00160A18C5F8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 08/07/2012 13:35:48 | Computer Name = 2CDD64BFB566405 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 09/07/2012 03:06:48 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00160A18C5F8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 09/07/2012 04:21:22 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00160A18C5F8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 09/07/2012 04:21:27 | Computer Name = 2CDD64BFB566405 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00160A18C5F8. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >


5. An update on how your computer is currently running.

After running all the scanners I tried Google and was able to correctly link to results pages.
But after I rebooted I cannot get Google results to link properly (it just goes back to Google homepage with words in the search box).
Am unable to start in safe mode still.
Hard disc is still clattering when I'm not doing anything.

Thanks for your help

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:32 PM

Posted 11 July 2012 - 08:18 AM

Hi xpalidocious!

Apologies for the delay, I've been having some issues with my connection.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\er_00_0_l.exe File not found
    O4 - HKU\S-1-5-21-1390067357-1993962763-1644491937-500..\Run: [Wallpaper Alterer] C:\Program Files\WallpaperAlterer\WallpaperAlterer.exe ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    [2012/05/30 23:14:40 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5d0a6a55-5ee5-717c-7afa-62c9a2dcb1a9}\L\00000004.@
    [2008/04/14 13:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5d0a6a55-5ee5-717c-7afa-62c9a2dcb1a9}\@
    PRC - [2012/07/09 09:40:22 | 009,225,928 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\{CBA7D597-2EEC-4940-808F-938248376E69}\InstallFlashPlayer.exe
    PRC - [2012/07/09 09:39:29 | 009,225,928 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\{921E24F5-064D-402E-A9B6-E11FAECC4F83}\InstallFlashPlayer.exe
    PRC - [2012/07/09 09:31:17 | 009,225,928 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\{9ED7AFD3-9DF7-4F31-BA97-D701570D53E4}\InstallFlashPlayer.exe
    PRC - [2012/04/27 12:54:02 | 000,156,320 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\ICD61.tmp\FP_AX_CAB_INSTALLER64.exe
    PRC - [2012/04/27 12:54:02 | 000,156,320 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Temp\ICD60.tmp\FP_AX_CAB_INSTALLER64.exe
    O4 - HKLM..\Run: [MPlayerForWindows_UpdateReminder] C:\Program Files\MPlayer for Windows\AutoUpdate.exe ()
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 xpalidocious

xpalidocious
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 11 July 2012 - 03:33 PM

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

I've got some security updates waiting to be installed - is it OK to install those or should I wait until the cleaning process is finished?

2. OTL Fix log file.

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-1993962763-1644491937-500\Software\Microsoft\Windows\CurrentVersion\Run\\Wallpaper Alterer deleted successfully.
C:\Program Files\WallpaperAlterer\WallpaperAlterer.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Administrator\Local Settings\Application Data\{5d0a6a55-5ee5-717c-7afa-62c9a2dcb1a9}\L\00000004.@ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\{5d0a6a55-5ee5-717c-7afa-62c9a2dcb1a9}\@ moved successfully.
No active process named InstallFlashPlayer.exe was found!
No active process named InstallFlashPlayer.exe was found!
No active process named InstallFlashPlayer.exe was found!
No active process named FP_AX_CAB_INSTALLER64.exe was found!
No active process named FP_AX_CAB_INSTALLER64.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MPlayerForWindows_UpdateReminder deleted successfully.
C:\Program Files\MPlayer for Windows\AutoUpdate.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 216356 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 9592068 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 9.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07112012_182214

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

3. ComboFix.txt log file.

Combofix installed the Windows recovery console. Also I disabled AVG anti-virus for 15 minutes while Combofix was running but it took about 25 minutes so the anti-virus may have come on in the middle of its run.

ComboFix 12-07-11.03 - Administrator 11/07/2012 19:01:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.703 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\fuvqaaa.tmp
c:\documents and settings\All Users\Application Data\qspqaaa.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\vguqaaa.tmp
c:\windows\expl.dat
c:\windows\system32\dllc.dat
c:\windows\system32\SET179.tmp
c:\windows\system32\SET17E.tmp
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 17:22 . 2012-07-11 17:22 -------- d-----w- C:\_OTL
2012-07-08 09:44 . 2012-07-08 09:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-07-08 09:43 . 2012-07-08 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-08 09:43 . 2012-07-08 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 09:43 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 06:50 . 2012-07-10 07:11 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple Computer
2012-07-06 19:56 . 2012-07-06 19:57 -------- d-----w- C:\EMI
2012-07-05 22:36 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-07-05 22:36 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-07-05 22:36 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-07-05 22:36 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 ------w- c:\windows\system32\kbd101c.dll
2012-07-05 22:36 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-07-05 22:36 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-07-05 22:36 . 2008-04-14 04:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-07-05 22:36 . 2008-04-14 04:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-07-04 21:08 . 2012-07-04 21:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-15 16:56 . 2012-06-15 16:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-06-14 07:19 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 16:47 . 2012-06-13 19:34 -------- d-----w- c:\windows\system32\MpEngineStore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 21:52 . 2012-05-27 22:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-27 21:52 . 2011-11-01 08:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 14:19 . 2009-02-19 15:53 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2009-02-19 15:53 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2009-02-19 15:19 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2009-02-19 15:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2009-02-19 15:19 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2009-02-19 15:53 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-02-19 15:53 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2009-02-19 15:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2009-02-19 15:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-02-19 15:53 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2009-02-19 15:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2009-02-19 15:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2008-04-14 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-02-19 15:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 21:07 . 2012-07-04 21:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . B9B233C657BD5E2355FA76A3FD98CFA6 . 544768 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . EBE97CBBB0C6A80B6BF1F31EDDFFDE28 . 39424 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . E69F74E7559F7D466415C9524616D5C3 . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-2-19 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 02:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 07:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 07:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 02:14 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 07:09 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 02:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 02:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 07:21 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 23:29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/05/2012 23:00 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 23:29 136176]
S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [25/06/2004 01:31 19584]
S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [25/06/2004 01:31 2944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [04/07/2012 22:08 129976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 16:35 50704]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:52]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 22:29]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 22:29]
.
2012-04-03 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-27 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekmqbklh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Media eLinker - c:\program files\Humax Digital\Media eLinker\uninstall.exe
AddRemove-Wallpaper Alterer - c:\program files\Wallpaper Alterer\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,00,c6,27,e5,08,81,45,98,12,a3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,00,c6,27,e5,08,81,45,98,12,a3,\
.
[HKEY_USERS\S-1-5-21-1390067357-1993962763-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,79,de,d2,ec,0e,69,42,98,04,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,79,de,d2,ec,0e,69,42,98,04,f3,\
.
Completion time: 2012-07-11 19:27:11
ComboFix-quarantined-files.txt 2012-07-11 18:27
.
Pre-Run: 6,742,265,856 bytes free
Post-Run: 8,902,467,584 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A8637587AC19B528E47A9F1BD94E4971

4. An update on how your computer is currently running.

I can now boot in safe mode. Good stuff!
Google search results now link correctly.
Still lots of hard disc activity when I'm not doing anything.

Thanks again for your time.
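The Sigcheck rows and the "is infected!!" verdicts in the ComboFix log above can be parsed into a triage list of the patched system files with their MD5, size and version, ready for a hash lookup or a comparison with a clean copy of the same build. This is an added example, not code from the thread or from ComboFix; the log excerpt is reproduced from the post, and the reference hashes used in the demonstration are placeholders, not real clean-file values.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed excerpt of the ComboFix log posted above; only the verdict lines
# and the Sigcheck section are reproduced, with the values as posted.
SAMPLE_LOG = r"""
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . B9B233C657BD5E2355FA76A3FD98CFA6 . 544768 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . EBE97CBBB0C6A80B6BF1F31EDDFFDE28 . 39424 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . E69F74E7559F7D466415C9524616D5C3 . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
"""

# "<path> . . . is infected!!" verdict lines from the deletions section.
INFECTED_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\s+\.\s+\.\s+is infected!!\s*$")

# Sigcheck rows: [flag] date . md5 . size . . [version] . . path
# ComboFix prints [-] for a file without a valid digital signature.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass
class SigcheckEntry:
    path: str
    date: str
    md5: str
    size: int
    version: str
    signed: bool
    flagged_infected: bool = False


def parse_combofix(log: str) -> Dict[str, SigcheckEntry]:
    """Return Sigcheck entries keyed by lower-cased path, marking the ones
    ComboFix also reported as infected."""
    infected = set()
    entries: Dict[str, SigcheckEntry] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            infected.add(m.group("path").lower())
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            path = m.group("path")
            entries[path.lower()] = SigcheckEntry(
                path=path,
                date=m.group("date"),
                md5=m.group("md5").upper(),
                size=int(m.group("size")),
                version=m.group("version"),
                signed=m.group("flag") != "-",
            )
    for key in infected:
        if key in entries:
            entries[key].flagged_infected = True
        else:
            # A verdict with no Sigcheck row still needs follow-up; keep it.
            entries[key] = SigcheckEntry(key, "", "", 0, "", False, True)
    return entries


def triage(entries: Dict[str, SigcheckEntry]) -> List[SigcheckEntry]:
    """Files to verify against a clean copy, sorted by path.  A patched
    system binary keeps its version resource and original timestamp (all
    three rows still claim the stock 2008-04-14 build), so date and version
    prove nothing; the MD5 is the value to look up or compare."""
    return sorted(
        (e for e in entries.values() if e.flagged_infected),
        key=lambda e: e.path.lower(),
    )


def compare_with_reference(
    entries: Dict[str, SigcheckEntry], reference: Dict[str, str]
) -> List[Tuple[str, str, str]]:
    """Return (path, observed_md5, reference_md5) for each reference path
    whose MD5 differs from the one ComboFix recorded.  The caller supplies
    the reference from a known-clean install of the same build."""
    mismatches = []
    for path, ref_md5 in reference.items():
        entry = entries.get(path.lower())
        if entry is not None and entry.md5 and entry.md5 != ref_md5.upper():
            mismatches.append((entry.path, entry.md5, ref_md5.upper()))
    return sorted(mismatches)


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for e in triage(found):
        print(f"{e.md5}  {e.size:>8}  [{e.version}]  signed={e.signed}  {e.path}")
```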

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:32 PM

Posted 12 July 2012 - 02:39 AM

Hi xpalidocious!

Glad to hear that things appear to be improving.

We do still have some work to do, but we are making some excellent progress.

Do you happen to have your Windows XP disc?

I've got some security updates waiting to be installed - is it OK to install those or should I wait until the cleaning process is finished?

Yes, please go ahead and allow those security updates to install.

Combofix installed the Windows recovery console. Also, I disabled AVG anti-virus for 15 minutes while Combofix was running, but it took about 25 minutes, so the anti-virus may have come on in the middle of its run.

Okay, thank you for that information.

I think your installation may be corrupt. I'm going to ask that you remove AVG for a little bit, and then have you re-install it later.


AVG Removal Tool

Download and save AVG Removal Tool to your desktop

Run it to remove AVG. After this, please restart your computer.


NEXT:



VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: c:\windows\explorer.exe
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please copy the URL in the address bar, and paste it back in this thread for me to review.

Please repeat the above process for the following file below:

c:\windows\system32\winlogon.exe
c:\windows\system32\svchost.exe

Please post the results in your next reply


NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
Folder::
C:\Program Files\AVG\
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=-
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=-
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=-
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe"=-
"C:\Program Files\AVG\AVG8\avgemc.exe"=-
"C:\Program Files\AVG\AVG8\avgnsx.exe"=-
"C:\Program Files\AVG\AVG2012\avgnsx.exe"=-
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"=-
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"=-
"C:\Program Files\AVG\AVG2012\avgemcx.exe"=-
"C:\WINDOWS\explorer.exe"=-
Driver::
AVGIDSEH
Avgrkx86
Avgldx86
Avgtdix
AVGIDSAgent
avgwd
AVGIDSDriver
AVGIDSFilter
AVGIDSShim
File::
c:\windows\system32\drivers\AVGIDSEH.sys
c:\windows\system32\drivers\avgrkx86.sys
c:\windows\system32\drivers\avgldx86.sys
c:\windows\system32\drivers\avgtdix.sys
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\windows\system32\drivers\AVGIDSDriver.sys
c:\windows\system32\drivers\AVGIDSFilter.sys
c:\windows\system32\drivers\AVGIDSShim.sys
SRPeek::
c:\windows\system32\winlogon.exe
c:\windows\system32\svchost.exe
c:\windows\explorer.exe

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


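A hash-triage helper for the checks requested above (the VirusTotal submissions of explorer.exe, winlogon.exe and svchost.exe, and the SRPeek sigcheck of the same three files), added here as an example; it is not part of the original thread, of ComboFix or of VirusTotal. It parses the Sigcheck lines ComboFix prints (`[flag] date . MD5 . size . . [version] . . path`) and the result URLs VirusTotal used in 2012 (which carry the file's SHA-256), and hashes a local file the same way so a fresh copy can be compared against what the log recorded. The sample lines are copied from the log posted in reply #7 below. Reading the `[-]` flag as "no valid signature" is an assumption; ComboFix itself only notes that unsigned files are not necessarily malware. `vt_lookup_url` reproduces the legacy URL form shown on this page, not the current `/gui/file/<sha256>` form.

```python
"""Hash triage for Windows system files flagged as 'Patched' in a ComboFix log."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# ComboFix Sigcheck line, e.g.
# [-] 2008-04-14 . B9B233C6... . 544768 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Legacy VirusTotal result URL as pasted in reply #7: /file/<sha256>/analysis/<unix time>/
VT_URL_RE = re.compile(
    r"virustotal\.com/file/(?P<sha256>[0-9a-fA-F]{64})/analysis/(?P<ts>\d+)/"
)


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str      # "-" for every file in this log; assumed to mean "no valid signature"
    date: str
    md5: str       # upper-case hex, as ComboFix prints it
    size: int
    version: str
    path: str      # lower-cased so comparisons are case-insensitive, like NTFS


def parse_sigcheck(text: str) -> List[SigcheckEntry]:
    """Extract every Sigcheck line from a ComboFix log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(
                flag=m["flag"], date=m["date"], md5=m["md5"].upper(),
                size=int(m["size"]), version=m["version"], path=m["path"].lower()))
    return entries


def parse_vt_urls(text: str) -> Dict[str, int]:
    """Map SHA-256 -> analysis timestamp for every VirusTotal result URL in text."""
    return {m["sha256"].lower(): int(m["ts"]) for m in VT_URL_RE.finditer(text)}


def hash_bytes(data: bytes) -> Tuple[str, str, int]:
    """Return (MD5 upper-case, SHA-256 lower-case, size), matching the log conventions."""
    return hashlib.md5(data).hexdigest().upper(), hashlib.sha256(data).hexdigest(), len(data)


def hash_file(path: str) -> Tuple[str, str, int]:
    """Hash a file from disk in 1 MiB chunks so large binaries need not fit in memory."""
    md5, sha, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha.update(chunk)
            size += len(chunk)
    return md5.hexdigest().upper(), sha.hexdigest(), size


def compare_to_log(entry: SigcheckEntry, md5: str, size: int) -> Dict[str, bool]:
    """Check a freshly hashed copy against what ComboFix recorded. A mismatch on either
    field means the file changed after the log was taken (replaced, re-patched, or restored)."""
    return {"md5_matches": md5.upper() == entry.md5, "size_matches": size == entry.size}


def vt_lookup_url(sha256: str) -> str:
    """Build a result URL in the legacy form shown on this page."""
    return f"https://www.virustotal.com/file/{sha256.lower()}/analysis/"


# Sample input: the three Sigcheck lines and three VirusTotal URLs from reply #7.
SAMPLE_LOG = r"""
[-] 2008-04-14 . B9B233C657BD5E2355FA76A3FD98CFA6 . 544768 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . EBE97CBBB0C6A80B6BF1F31EDDFFDE28 . 39424 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . E69F74E7559F7D466415C9524616D5C3 . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
"""
SAMPLE_URLS = """
https://www.virustotal.com/file/f9734623e09989463c2404730c5fe482ba4aa9fbaa055b40bd952bf3acec69c6/analysis/1342082321/
https://www.virustotal.com/file/5cecb291f89895b867de86a932f5cd84246065ef9ad10b5b2fb89ad53ad1fe79/analysis/1342082822/
https://www.virustotal.com/file/99fec0f21117079a400144ef5ca8a8ff7ceb1b899e80a503af653d4f5527ea21/analysis/1342083090/
"""

if __name__ == "__main__":
    for e in parse_sigcheck(SAMPLE_LOG):
        print(f"{e.path}: v{e.version}, {e.size} bytes, MD5={e.md5}, flag=[{e.flag}]")
    for sha, ts in parse_vt_urls(SAMPLE_URLS).items():
        print(f"{sha} analysed at {ts}: {vt_lookup_url(sha)}")
```

To use it on a live machine, call `hash_file` on each of the three paths, feed the MD5 and size to `compare_to_log` against the parsed entry, and look the SHA-256 up with `vt_lookup_url`; if the hashes no longer match the log, the file has been altered since ComboFix ran and the comparison should be redone before deciding whether a replacement from `dllcache` or a service pack is needed.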

#7 xpalidocious (Topic Starter, Members, 18 posts)

Posted 12 July 2012 - 05:48 AM

Hi ST

I didn't get an XP disc when I bought the computer - I have the product key and Windows was already installed.

I installed security updates - one of them was the malicious software remover which ran and said it had found malware - cancelled it partway through.

I ran the AVG removal tool - it seemed to partly remove it but the icon was still bottom right with some components present and some not. I temporarily disabled it and ran Combofix - it saw AVG was still there but seemed to run OK.

VirusTotal File Scan urls:

explorer.exe

https://www.virustotal.com/file/f9734623e09989463c2404730c5fe482ba4aa9fbaa055b40bd952bf3acec69c6/analysis/1342082321/

winlogon.exe

https://www.virustotal.com/file/5cecb291f89895b867de86a932f5cd84246065ef9ad10b5b2fb89ad53ad1fe79/analysis/1342082822/

svchost.exe

https://www.virustotal.com/file/99fec0f21117079a400144ef5ca8a8ff7ceb1b899e80a503af653d4f5527ea21/analysis/1342083090/

Combofix log:

ComboFix 12-07-11.03 - Administrator 12/07/2012 11:16:25.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.552 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\program files\AVG\AVG2012\AVGIDSAgent.exe"
"c:\program files\AVG\AVG2012\avgwdsvc.exe"
"c:\windows\system32\drivers\AVGIDSDriver.sys"
"c:\windows\system32\drivers\AVGIDSEH.sys"
"c:\windows\system32\drivers\AVGIDSFilter.sys"
"c:\windows\system32\drivers\AVGIDSShim.sys"
"c:\windows\system32\drivers\avgldx86.sys"
"c:\windows\system32\drivers\avgrkx86.sys"
"c:\windows\system32\drivers\avgtdix.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ltsqaaa.tmp
c:\documents and settings\All Users\Application Data\ohxqaaa.tmp
c:\documents and settings\All Users\Application Data\vguqaaa.tmp
c:\program files\AVG
c:\program files\AVG\AVG2012\3rd_party\licenses\ace.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\arabica.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\boost.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\bsdiff.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\bzip.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\carp.html
c:\program files\AVG\AVG2012\3rd_party\licenses\cryptopp.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\curl.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\dazukofs.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\expat.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\imagemagick.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\infozip.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\lua.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\md4_md5_license.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\milter.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\minizip.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\openssl_license.html
c:\program files\AVG\AVG2012\3rd_party\licenses\sasl.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\tinyxml.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\unrar.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\untar.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\xalan_xerces.txt
c:\program files\AVG\AVG2012\3rd_party\licenses\zlib.txt
c:\program files\AVG\AVG2012\3rd_party\readme.txt
c:\program files\AVG\AVG2012\avg.snu
c:\program files\AVG\AVG2012\avg_us.chm
c:\program files\AVG\AVG2012\avg_us.lng
c:\program files\AVG\AVG2012\avgabout.dll
c:\program files\AVG\AVG2012\avgamnot.dll
c:\program files\AVG\AVG2012\avgapix.dll
c:\program files\AVG\AVG2012\avgapps.dll
c:\program files\AVG\AVG2012\avgar_us.chm
c:\program files\AVG\AVG2012\avgatend.stp
c:\program files\AVG\AVG2012\avgatupd.stp
c:\program files\AVG\AVG2012\avgcclix.dll
c:\program files\AVG\AVG2012\avgcertx.dll
c:\program files\AVG\AVG2012\avgcfgex.exe
c:\program files\AVG\AVG2012\avgcfgx.dll
c:\program files\AVG\AVG2012\avgchclx.dll
c:\program files\AVG\AVG2012\avgchjwx.dll
c:\program files\AVG\AVG2012\avgclitx.dll
c:\program files\AVG\AVG2012\avgcmgr.exe
c:\program files\AVG\AVG2012\avgcorex.dll
c:\program files\AVG\AVG2012\avgcremx.exe
c:\program files\AVG\AVG2012\avgcslx.dll
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\AVG\AVG2012\avgdecider.dll
c:\program files\AVG\AVG2012\avgdg_us.chm
c:\program files\AVG\AVG2012\avgdiagex.exe
c:\program files\AVG\AVG2012\avgdumpx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\avgf_us.chm
c:\program files\AVG\AVG2012\avgf_us.chw
c:\program files\AVG\AVG2012\avgfree_us.mht
c:\program files\AVG\AVG2012\avgidp_us.chm
c:\program files\AVG\AVG2012\avgidpmx.dll
c:\program files\AVG\AVG2012\avgidpsdkx.dll
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\program files\AVG\AVG2012\avglngx.dll
c:\program files\AVG\AVG2012\avglogx.dll
c:\program files\AVG\AVG2012\avgls_us.chm
c:\program files\AVG\AVG2012\avglscanx.exe
c:\program files\AVG\AVG2012\avgmfapx.exe
c:\program files\AVG\AVG2012\avgmfarx.dll
c:\program files\AVG\AVG2012\avgmtrapx.dll
c:\program files\AVG\AVG2012\avgmvflx.dll
c:\program files\AVG\AVG2012\avgmwdef_us.mht
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgntdumpx.exe
c:\program files\AVG\AVG2012\avgntopensslx.dll
c:\program files\AVG\AVG2012\avgntsqlitex.dll
c:\program files\AVG\AVG2012\avgopensslx.dll
c:\program files\AVG\AVG2012\avgpostinstx.dll
c:\program files\AVG\AVG2012\avgpp.dll
c:\program files\AVG\AVG2012\avgresf.dll
c:\program files\AVG\AVG2012\avgrktx.dll
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgsals_us.mht
c:\program files\AVG\AVG2012\avgsbfree_us.mht
c:\program files\AVG\AVG2012\avgscanx.dll
c:\program files\AVG\AVG2012\avgscanx.exe
c:\program files\AVG\AVG2012\avgsched.dll
c:\program files\AVG\AVG2012\avgse.dll
c:\program files\AVG\AVG2012\avgsrmax.exe
c:\program files\AVG\AVG2012\avgsrmx.dll
c:\program files\AVG\AVG2012\avgssie.dll
c:\program files\AVG\AVG2012\avgsysx.dll
c:\program files\AVG\AVG2012\AVGTBInstall.exe
c:\program files\AVG\AVG2012\avgtray.exe
c:\program files\AVG\AVG2012\avgtrial_us.mht
c:\program files\AVG\AVG2012\avgui.exe
c:\program files\AVG\AVG2012\avguiadv.dll
c:\program files\AVG\AVG2012\avguires.dll
c:\program files\AVG\AVG2012\avgupd.sig
c:\program files\AVG\AVG2012\avgupdx.dll
c:\program files\AVG\AVG2012\avgutilx.dll
c:\program files\AVG\AVG2012\avgvvx.dll
c:\program files\AVG\AVG2012\avgwd.dll
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\AVG\AVG2012\avgwdwsc.dll
c:\program files\AVG\AVG2012\avgwebui.dll
c:\program files\AVG\AVG2012\avgwsc.exe
c:\program files\AVG\AVG2012\avgxpl.dll
c:\program files\AVG\AVG2012\awacs\dav\component\content.dat
c:\program files\AVG\AVG2012\awacs\dav\component\image.bmp
c:\program files\AVG\AVG2012\awacs\dav\sign.bin
c:\program files\AVG\AVG2012\awacs\fas\component\content.dat
c:\program files\AVG\AVG2012\awacs\fas\component\image.bmp
c:\program files\AVG\AVG2012\awacs\fas\sign.bin
c:\program files\AVG\AVG2012\awacs\mobilation_en\component\content.dat
c:\program files\AVG\AVG2012\awacs\mobilation_en\component\image.bmp
c:\program files\AVG\AVG2012\awacs\mobilation_en\sign.bin
c:\program files\AVG\AVG2012\awacs\mobilation_en_sp1\component\content.dat
c:\program files\AVG\AVG2012\awacs\mobilation_en_sp1\component\image.bmp
c:\program files\AVG\AVG2012\awacs\mobilation_en_sp1\sign.bin
c:\program files\AVG\AVG2012\awacs\obx\component\content.dat
c:\program files\AVG\AVG2012\awacs\obx\component\image.bmp
c:\program files\AVG\AVG2012\awacs\obx\sign.bin
c:\program files\AVG\AVG2012\awacs\pct\component\content.dat
c:\program files\AVG\AVG2012\awacs\pct\component\image.bmp
c:\program files\AVG\AVG2012\awacs\pct\sign.bin
c:\program files\AVG\AVG2012\awacs\rules.cat
c:\program files\AVG\AVG2012\awacs\rules.js
c:\program files\AVG\AVG2012\awacs\speedtest\component\content.dat
c:\program files\AVG\AVG2012\awacs\speedtest\component\speedtest.bmp
c:\program files\AVG\AVG2012\awacs\speedtest\sign.bin
c:\program files\AVG\AVG2012\awacs\speedtest_sp1\component\content.dat
c:\program files\AVG\AVG2012\awacs\speedtest_sp1\component\speedtest2.bmp
c:\program files\AVG\AVG2012\awacs\speedtest_sp1\sign.bin
c:\program files\AVG\AVG2012\awacs\techbuddy\component\content.dat
c:\program files\AVG\AVG2012\awacs\techbuddy\component\techbuddy.mht
c:\program files\AVG\AVG2012\awacs\techbuddy\sign.bin
c:\program files\AVG\AVG2012\axioo.dll
c:\program files\AVG\AVG2012\cf.dat
c:\program files\AVG\AVG2012\Chrome\safesearch.crx
c:\program files\AVG\AVG2012\compat.ini
c:\program files\AVG\AVG2012\contacts_us.html
c:\program files\AVG\AVG2012\dfncfg.dat
c:\program files\AVG\AVG2012\Drivers\avgld.cat
c:\program files\AVG\AVG2012\Drivers\avgld.inf
c:\program files\AVG\AVG2012\Drivers\avgldx64.sys
c:\program files\AVG\AVG2012\Drivers\avgldx86.sys
c:\program files\AVG\AVG2012\Drivers\avgmf.cat
c:\program files\AVG\AVG2012\Drivers\avgmf.inf
c:\program files\AVG\AVG2012\Drivers\avgmfx64.sys
c:\program files\AVG\AVG2012\Drivers\avgmfx86.sys
c:\program files\AVG\AVG2012\Drivers\avgrk.cat
c:\program files\AVG\AVG2012\Drivers\avgrk.inf
c:\program files\AVG\AVG2012\Drivers\avgrkx64.sys
c:\program files\AVG\AVG2012\Drivers\avgrkx86.sys
c:\program files\AVG\AVG2012\Drivers\avgtdi.cat
c:\program files\AVG\AVG2012\Drivers\avgtdi.inf
c:\program files\AVG\AVG2012\Drivers\avgtdia.sys
c:\program files\AVG\AVG2012\Drivers\avgtdix.sys
c:\program files\AVG\AVG2012\Drivers\ErHrXpx86\AVGIDSEH.cat
c:\program files\AVG\AVG2012\Drivers\ErHrXpx86\AVGIDSEH.inf
c:\program files\AVG\AVG2012\Drivers\ErHrXpx86\AVGIDSEH.sys
c:\program files\AVG\AVG2012\Drivers\platform_XP\UniversalDD.sys
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSDriver.cat
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSDriver.inf
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSDriver.sys
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSFilter.cat
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSFilter.inf
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSFilter.sys
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSShim.cat
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSShim.inf
c:\program files\AVG\AVG2012\Drivers\XP\AVGIDSShim.sys
c:\program files\AVG\AVG2012\Firefox\chrome.manifest
c:\program files\AVG\AVG2012\Firefox\Chrome\searchshield.jar
c:\program files\AVG\AVG2012\Firefox\Components\avgssff.dll
c:\program files\AVG\AVG2012\Firefox\Components\ISearchShield.xpt
c:\program files\AVG\AVG2012\Firefox\install.rdf
c:\program files\AVG\AVG2012\Firefox4\chrome.manifest
c:\program files\AVG\AVG2012\Firefox4\Chrome\searchshield.jar
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff10.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff4.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff5.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff6.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff7.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff8.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff9.dll
c:\program files\AVG\AVG2012\Firefox4\Components\ISearchShield4.xpt
c:\program files\AVG\AVG2012\Firefox4\install.rdf
c:\program files\AVG\AVG2012\fixcfg.exe
c:\program files\AVG\AVG2012\HtmLayout.dll
c:\program files\AVG\AVG2012\Icons\alert_mask.png
c:\program files\AVG\AVG2012\Icons\background_middle_gray.gif
c:\program files\AVG\AVG2012\Icons\background_middle_green.gif
c:\program files\AVG\AVG2012\Icons\background_middle_orange.gif
c:\program files\AVG\AVG2012\Icons\background_middle_red.gif
c:\program files\AVG\AVG2012\Icons\background_middle_yellow.gif
c:\program files\AVG\AVG2012\Icons\background_top_gray.gif
c:\program files\AVG\AVG2012\Icons\background_top_green.gif
c:\program files\AVG\AVG2012\Icons\background_top_orange.gif
c:\program files\AVG\AVG2012\Icons\background_top_red.gif
c:\program files\AVG\AVG2012\Icons\background_top_yellow.gif
c:\program files\AVG\AVG2012\Icons\block-doc.gif
c:\program files\AVG\AVG2012\Icons\blocked.gif
c:\program files\AVG\AVG2012\Icons\blocked12.png
c:\program files\AVG\AVG2012\Icons\border_bottom_gray.gif
c:\program files\AVG\AVG2012\Icons\border_bottom_green.gif
c:\program files\AVG\AVG2012\Icons\border_bottom_orange.gif
c:\program files\AVG\AVG2012\Icons\border_bottom_red.gif
c:\program files\AVG\AVG2012\Icons\border_bottom_yellow.gif
c:\program files\AVG\AVG2012\Icons\border_top_gray.gif
c:\program files\AVG\AVG2012\Icons\border_top_green.gif
c:\program files\AVG\AVG2012\Icons\border_top_orange.gif
c:\program files\AVG\AVG2012\Icons\border_top_red.gif
c:\program files\AVG\AVG2012\Icons\border_top_yellow.gif
c:\program files\AVG\AVG2012\Icons\box_bottom_red.gif
c:\program files\AVG\AVG2012\Icons\box_top_red.gif
c:\program files\AVG\AVG2012\Icons\caution.gif
c:\program files\AVG\AVG2012\Icons\caution12.png
c:\program files\AVG\AVG2012\Icons\click_here_gray.gif
c:\program files\AVG\AVG2012\Icons\click_here_green.gif
c:\program files\AVG\AVG2012\Icons\click_here_orange.gif
c:\program files\AVG\AVG2012\Icons\click_here_red.gif
c:\program files\AVG\AVG2012\Icons\click_here_yellow.gif
c:\program files\AVG\AVG2012\Icons\clock.gif
c:\program files\AVG\AVG2012\Icons\clock12.png
c:\program files\AVG\AVG2012\Icons\close.gif
c:\program files\AVG\AVG2012\Icons\green_inline_border_bl.png
c:\program files\AVG\AVG2012\Icons\green_inline_border_br.png
c:\program files\AVG\AVG2012\Icons\green_inline_border_r.png
c:\program files\AVG\AVG2012\Icons\green_inline_border_tl.png
c:\program files\AVG\AVG2012\Icons\green_inline_border_tr.png
c:\program files\AVG\AVG2012\Icons\icons_blocked.gif
c:\program files\AVG\AVG2012\Icons\icons_caution.gif
c:\program files\AVG\AVG2012\Icons\icons_close.gif
c:\program files\AVG\AVG2012\Icons\icons_safe.gif
c:\program files\AVG\AVG2012\Icons\icons_unknown.gif
c:\program files\AVG\AVG2012\Icons\icons_warning.gif
c:\program files\AVG\AVG2012\Icons\LS_Logo_Results.gif
c:\program files\AVG\AVG2012\Icons\orange_inline_border_bl.png
c:\program files\AVG\AVG2012\Icons\orange_inline_border_br.png
c:\program files\AVG\AVG2012\Icons\orange_inline_border_r.png
c:\program files\AVG\AVG2012\Icons\orange_inline_border_tl.png
c:\program files\AVG\AVG2012\Icons\orange_inline_border_tr.png
c:\program files\AVG\AVG2012\Icons\product_logo.png
c:\program files\AVG\AVG2012\Icons\red_inline_border_bl.png
c:\program files\AVG\AVG2012\Icons\red_inline_border_br.png
c:\program files\AVG\AVG2012\Icons\red_inline_border_r.png
c:\program files\AVG\AVG2012\Icons\red_inline_border_tl.png
c:\program files\AVG\AVG2012\Icons\red_inline_border_tr.png
c:\program files\AVG\AVG2012\Icons\safe.gif
c:\program files\AVG\AVG2012\Icons\safe12.png
c:\program files\AVG\AVG2012\Icons\toolbar_en.bmp
c:\program files\AVG\AVG2012\Icons\unknown.gif
c:\program files\AVG\AVG2012\Icons\vrsn-secured-lsfo.gif
c:\program files\AVG\AVG2012\Icons\warning.gif
c:\program files\AVG\AVG2012\Icons\warning12.png
c:\program files\AVG\AVG2012\Icons\yellow_inline_border_bl.png
c:\program files\AVG\AVG2012\Icons\yellow_inline_border_br.png
c:\program files\AVG\AVG2012\Icons\yellow_inline_border_r.png
c:\program files\AVG\AVG2012\Icons\yellow_inline_border_tl.png
c:\program files\AVG\AVG2012\Icons\yellow_inline_border_tr.png
c:\program files\AVG\AVG2012\idpfixx.exe
c:\program files\AVG\AVG2012\js.dat
c:\program files\AVG\AVG2012\license_us.htm
c:\program files\AVG\AVG2012\mfaus.lns
c:\program files\AVG\AVG2012\mfaverx.txt
c:\program files\AVG\AVG2012\mwbsr_e_free_us.mht
c:\program files\AVG\AVG2012\mwbsr_f_free_us.mht
c:\program files\AVG\AVG2012\PCTuneup\AxBrowsers.dll
c:\program files\AVG\AVG2012\PCTuneup\DiskCleanerHelper.dll
c:\program files\AVG\AVG2012\PCTuneup\DiskDefragHelper.dll
c:\program files\AVG\AVG2012\PCTuneup\helper.dll
c:\program files\AVG\AVG2012\PCTuneup\localizer.dll
c:\program files\AVG\AVG2012\PCTuneup\MicroScanner.exe
c:\program files\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll
c:\program files\AVG\AVG2012\PCTuneup\PerlRegExp.bpl
c:\program files\AVG\AVG2012\PCTuneup\RegistryCleanerHelper.dll
c:\program files\AVG\AVG2012\PCTuneup\RescueCenterHelper.dll
c:\program files\AVG\AVG2012\PCTuneup\rtl120.bpl
c:\program files\AVG\AVG2012\PCTuneup\vcl120.bpl
c:\program files\AVG\AVG2012\ph.dat
c:\program files\AVG\AVG2012\sb.dat
c:\program files\AVG\AVG2012\sb.dat.xcd
c:\program files\AVG\AVG2012\sb2.dat
c:\program files\AVG\AVG2012\sc.dat
c:\program files\AVG\AVG2012\sc.dat.xcd
c:\program files\AVG\AVG2012\sounds\scan_finish_threat_found.wav
c:\program files\AVG\AVG2012\sounds\scan_os_alert.wav
c:\program files\AVG\AVG2012\sounds\scan_rs_alert.wav
c:\program files\AVG\AVG2012\sounds\update_end_fail.wav
c:\program files\AVG\AVG2012\updatecomps.bak
c:\program files\AVG\AVG9\avgtray.exe.old
c:\program files\AVG\AVG9\avgupd.exe.old
c:\program files\AVG\AVG9\force_restart.txt
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSAGENT
-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGLDX86
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Legacy_AVGWD
-------\Service_AVGIDSDriver
-------\Service_AVGIDSEH
-------\Service_AVGIDSFilter
-------\Service_AVGIDSShim
-------\Service_avgwd
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-11 17:22 . 2012-07-11 17:22 -------- d-----w- C:\_OTL
2012-07-08 09:44 . 2012-07-08 09:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-07-08 09:43 . 2012-07-08 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-08 09:43 . 2012-07-08 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 09:43 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 06:50 . 2012-07-10 07:11 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple Computer
2012-07-06 19:56 . 2012-07-06 19:57 -------- d-----w- C:\EMI
2012-07-05 22:36 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-07-05 22:36 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-07-05 22:36 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-07-05 22:36 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 ------w- c:\windows\system32\kbd101c.dll
2012-07-05 22:36 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-07-05 22:36 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-07-05 22:36 . 2008-04-14 04:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-07-05 22:36 . 2008-04-14 04:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-07-04 21:08 . 2012-07-04 21:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-15 16:56 . 2012-06-15 16:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-06-14 07:19 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 16:47 . 2012-06-13 19:34 -------- d-----w- c:\windows\system32\MpEngineStore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 18:51 . 2012-05-27 22:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 18:51 . 2011-11-01 08:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-02-19 15:53 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2009-02-19 15:53 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2009-02-19 15:19 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2009-02-19 15:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2009-02-19 15:19 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2009-02-19 15:53 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-02-19 15:53 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2009-02-19 15:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2009-02-19 15:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-02-19 15:53 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2009-02-19 15:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2009-02-19 15:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2008-04-14 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-02-19 15:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 21:07 . 2012-07-04 21:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . B9B233C657BD5E2355FA76A3FD98CFA6 . 544768 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . EBE97CBBB0C6A80B6BF1F31EDDFFDE28 . 39424 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . E69F74E7559F7D466415C9524616D5C3 . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_18.22.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-12 10:27 . 2012-07-12 10:27 16384 c:\windows\temp\Perflib_Perfdata_cc.dat
+ 2012-07-12 10:11 . 2012-07-12 10:11 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E2C1251D-CC09-11E1-A73B-00160A18C5F8}.dat
+ 2012-07-12 10:11 . 2012-07-12 10:11 22016 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E2C1251B-CC09-11E1-A73B-00160A18C5F8}.dat
+ 2012-07-12 10:11 . 2012-07-12 10:11 53248 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E2C12519-CC09-11E1-A73B-00160A18C5F8}.dat
+ 2012-07-12 10:11 . 2012-07-12 10:11 11264 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E2C12513-CC09-11E1-A73B-00160A18C5F8}.dat
+ 2012-07-12 10:11 . 2012-07-12 10:11 17408 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E2C1250B-CC09-11E1-A73B-00160A18C5F8}.dat
+ 2012-07-12 09:07 . 2012-07-12 09:11 90112 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F650364C-CC00-11E1-A73A-00160A18C5F8}.dat
+ 2012-07-12 08:38 . 2012-07-12 08:40 11264 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F601EC07-CBFC-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 08:38 . 2012-07-12 08:40 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F601EC06-CBFC-11E1-A739-00160A18C5F8}.dat
+ 2012-07-11 20:57 . 2012-07-11 21:00 26112 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F48F2710-CB9A-11E1-A738-00160A18C5F8}.dat
+ 2012-07-11 20:24 . 2012-07-11 20:26 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{667804A0-CB96-11E1-A738-00160A18C5F8}.dat
+ 2012-07-11 20:31 . 2012-07-11 20:31 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{63550BE8-CB97-11E1-A738-00160A18C5F8}.dat
+ 2012-07-12 08:48 . 2012-07-12 08:48 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{60DC2F41-CBFE-11E1-A739-00160A18C5F8}.dat
+ 2012-07-11 20:45 . 2012-07-11 20:46 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5FF495CC-CB99-11E1-A738-00160A18C5F8}.dat
+ 2012-07-12 10:14 . 2012-07-12 10:14 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5FBF4D5C-CC0A-11E1-A73B-00160A18C5F8}.dat
+ 2012-07-11 18:58 . 2012-07-11 18:59 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5DA034B2-CB8A-11E1-A735-00160A18C5F8}.dat
+ 2012-07-11 20:59 . 2012-07-11 21:00 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5B1DCE7A-CB9B-11E1-A738-00160A18C5F8}.dat
+ 2012-07-11 21:14 . 2012-07-11 21:14 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5AD7476C-CB9D-11E1-A738-00160A18C5F8}.dat
+ 2012-07-11 20:09 . 2012-07-11 20:09 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5AAEFF6B-CB94-11E1-A737-00160A18C5F8}.dat
+ 2012-07-12 08:55 . 2012-07-12 08:55 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{581DEEE9-CBFF-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 08:34 . 2012-07-12 08:34 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{581A0D48-CBFC-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 07:29 . 2012-07-12 07:30 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{55884B3B-CBF3-11E1-A739-00160A18C5F8}.dat
+ 2012-07-11 20:30 . 2012-07-11 20:31 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{52289B9E-CB97-11E1-A738-00160A18C5F8}.dat
+ 2012-07-12 08:55 . 2012-07-12 08:55 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{520DD404-CBFF-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 08:41 . 2012-07-12 08:45 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4EC3366E-CBFD-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 08:26 . 2012-07-12 08:29 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{492951A1-CBFB-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 09:59 . 2012-07-12 09:59 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{460EB842-CC08-11E1-A73A-00160A18C5F8}.dat
+ 2012-07-11 20:30 . 2012-07-11 20:30 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4576F670-CB97-11E1-A738-00160A18C5F8}.dat
+ 2012-07-12 08:33 . 2012-07-12 08:34 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{43DAD4FD-CBFC-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 08:40 . 2012-07-12 08:40 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{42E824E0-CBFD-11E1-A739-00160A18C5F8}.dat
+ 2012-07-11 20:23 . 2012-07-11 20:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3FE71AD0-CB96-11E1-A738-00160A18C5F8}.dat
+ 2012-07-11 20:23 . 2012-07-11 20:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3FE71ACE-CB96-11E1-A738-00160A18C5F8}.dat
+ 2012-07-12 10:13 . 2012-07-12 10:13 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3E3F62CA-CC0A-11E1-A73B-00160A18C5F8}.dat
+ 2012-07-12 09:16 . 2012-07-12 09:21 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3DC42F36-CC02-11E1-A73A-00160A18C5F8}.dat
+ 2012-07-12 08:47 . 2012-07-12 08:47 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3D75E4F6-CBFE-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 07:28 . 2012-07-12 07:29 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3D1830B4-CBF3-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 08:54 . 2012-07-12 08:54 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{36BAA089-CBFF-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 08:54 . 2012-07-12 08:54 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{36BAA088-CBFF-11E1-A739-00160A18C5F8}.dat
+ 2012-07-11 20:08 . 2012-07-11 20:08 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{363B4B67-CB94-11E1-A737-00160A18C5F8}.dat
+ 2012-07-11 20:30 . 2012-07-11 20:30 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3287E9B6-CB97-11E1-A738-00160A18C5F8}.dat
+ 2012-07-12 07:28 . 2012-07-12 07:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{327EFCA0-CBF3-11E1-A739-00160A18C5F8}.dat
+ 2012-07-11 20:22 . 2012-07-11 20:26 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{25F725B4-CB96-11E1-A738-00160A18C5F8}.dat
+ 2012-07-12 09:58 . 2012-07-12 09:58 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{224B7240-CC08-11E1-A73A-00160A18C5F8}.dat
+ 2012-07-12 08:32 . 2012-07-12 08:32 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{20D1866F-CBFC-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 09:08 . 2012-07-12 09:11 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1F247B86-CC01-11E1-A73A-00160A18C5F8}.dat
+ 2012-07-11 20:51 . 2012-07-11 20:52 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1D1DC85E-CB9A-11E1-A738-00160A18C5F8}.dat
+ 2012-07-11 19:03 . 2012-07-11 19:03 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1976D960-CB8B-11E1-A735-00160A18C5F8}.dat
+ 2012-07-12 10:12 . 2012-07-12 10:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{183FE86A-CC0A-11E1-A73B-00160A18C5F8}.dat
+ 2012-07-11 20:57 . 2012-07-11 21:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{16D9B984-CB9B-11E1-A738-00160A18C5F8}.dat
+ 2012-07-11 18:56 . 2012-07-11 18:56 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{16174658-CB8A-11E1-A735-00160A18C5F8}.dat
+ 2012-07-11 21:12 . 2012-07-11 21:12 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1581040E-CB9D-11E1-A738-00160A18C5F8}.dat
+ 2012-07-12 09:14 . 2012-07-12 09:21 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0C0B043C-CC02-11E1-A73A-00160A18C5F8}.dat
+ 2012-07-12 09:14 . 2012-07-12 09:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{07E14912-CC02-11E1-A73A-00160A18C5F8}.dat
+ 2012-07-12 08:24 . 2012-07-12 08:29 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{05DD313D-CBFB-11E1-A739-00160A18C5F8}.dat
+ 2012-07-12 08:24 . 2012-07-12 08:29 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{05DD313C-CBFB-11E1-A739-00160A18C5F8}.dat
+ 2012-07-11 20:21 . 2012-07-11 20:26 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{03971E16-CB96-11E1-A738-00160A18C5F8}.dat
+ 2012-07-11 18:51 . 2012-07-11 18:51 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
- 2012-05-27 22:00 . 2012-06-27 21:52 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-27 22:00 . 2012-07-11 18:51 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-02-19 16:11 . 2012-06-14 07:34 118152 c:\windows\system32\FNTCACHE.DAT
+ 2009-02-19 16:11 . 2012-07-12 08:57 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 12:00 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
+ 2009-02-19 15:19 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
- 2009-02-19 15:19 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2012-07-12 07:24 . 2012-07-12 10:15 180224 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012071220120713\index.dat
+ 2012-07-11 17:19 . 2012-07-11 21:14 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012071120120712\index.dat
+ 2011-05-30 13:47 . 2012-07-12 10:12 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-05-30 13:47 . 2012-07-11 17:35 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-07-11 18:46 . 2012-07-12 10:15 131072 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-14 12:00 . 2012-06-08 14:26 8462848 c:\windows\system32\shell32.dll
+ 2012-07-11 18:51 . 2012-07-11 18:51 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
+ 2008-04-14 12:00 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2012-06-08 14:26 8462848 c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 12:00 . 2009-07-31 10:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 12:00 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-04-14 12:00 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-04-14 12:00 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2012-06-15 16:56 . 2012-07-12 10:12 2703360 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2011-05-30 13:47 . 2012-07-12 10:15 3440640 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-19 16:07 . 2012-07-12 08:33 57442464 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-2-19 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 23:29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/05/2012 23:00 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 23:29 136176]
S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [25/06/2004 01:31 19584]
S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [25/06/2004 01:31 2944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [04/07/2012 22:08 129976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 16:35 50704]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 18:51]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 22:29]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 22:29]
.
2012-04-03 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-27 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekmqbklh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 11:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,00,c6,27,e5,08,81,45,98,12,a3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,00,c6,27,e5,08,81,45,98,12,a3,\
.
[HKEY_USERS\S-1-5-21-1390067357-1993962763-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,79,de,d2,ec,0e,69,42,98,04,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,79,de,d2,ec,0e,69,42,98,04,f3,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-07-12 11:33:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 10:33
.
Pre-Run: 8,651,780,096 bytes free
Post-Run: 8,605,904,896 bytes free
.
- - End Of File - - A418DD19060A1329D41D36D2F611DAC3


Thanks again for your efforts!

#8 SweetTech

Posted 12 July 2012 - 06:32 AM

Hi!

Let me fill you in on what's going on right now.

Your logs were indicating a potential issue with 3 critical files. I asked you to upload them to VirusTotal so that I'd be able to get a better look at them to see what may be going on with them. It turns out there is in fact an issue with them. They have been patched/infected by malware.

We need to try and see if we can find a valid replacement somewhere else on your computer. The problem is, I'm not really having much luck finding any other valid copies anywhere on your computer, which is why I asked you if you had your Windows XP disc, because we could try grabbing a copy from there.

Could you try and see if any friends or family have a Windows XP Professional disc that you may be able to borrow?

I'd like to see if you could try and borrow a Windows XP Professional disc before we start exploring other avenues.

In this post, I'll be asking you to download a tool called AppRemover, which I hope will help remove the rest of AVG from your computer.

I'll also be asking you to run a scan to check for corrupt/missing system files. I'm hoping that maybe this will be able to find a clean copy of those 3 patched files somewhere else on your computer, but I'm not sure how successful it will be.

Then the last thing I'm going to ask you to do is run a new scan with ComboFix, so I can take a look at things, and get a better idea of where we stand.

================
Please try this utility to see if it can finish removing AVG:

Please download AppRemover and save it to your desktop.
  • Double click on AppRemover.exe to run it.
  • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
  • Click on the Next button.
  • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. (you want the failed uninstall)
  • Click on the Next button.
  • A scan begins, please wait. Once done, click on the Next button.
  • Now you should have a list of your installed programs, choose the one you want to remove (AVG) and click on the Next button.
  • Follow the last step and reboot if asked to do so.

Then do the following:

Run System File Checker

Make sure you have your XP Disc handy


The System File Checker (Sfc.exe) utility is used for scanning protected operating system files to verify their version and integrity. If System File Checker detects any operating system file with the incorrect file version, it replaces the corrupted file with a file that has the correct version from the Windows installation source files.

To use System File Checker, follow these steps:
  • Click Start, click Run, type cmd.exe, and then click OK.
  • At the command prompt, type sfc /purgecache, and then press ENTER.
    Note: You may be prompted to provide Windows installation source files when you run the sfc /purgecache command. If the command is completed successfully, you will receive the following message:
    Windows File Protection successfully made the requested change.
  • At the command prompt, type sfc /scannow, and then press ENTER.
    Note: This command may take several minutes to finish. You may also be prompted to provide Windows installation source files when you run the sfc /scannow command.
  • At the command prompt, type exit, and then press ENTER to close the command prompt.


Finally run a new scan with ComboFix for me and post that log file for me to review.


-ST.

Edited by SweetTech, 12 July 2012 - 06:46 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 xpalidocious


Posted 13 July 2012 - 05:35 AM

Hi ST

I ran Appremover but it didn't find anything to uninstall.

I haven't had any luck locating an XP pro disc in the short term. I have access to another computer with Windows XP pro v2002 on it; can I just take a copy of the three files manually and replace?

If not I will try & get a copy of XP from Ebay (I really ought to have a disc if anything like this happens again and if I decide to do a clean install on a new hard disc in the future). But this will take a few days and I am about to go away for a few days with my Mum.

Thanks for your help so far.

Cheers

#10 SweetTech


Posted 13 July 2012 - 07:18 AM

Hi!

Yes, as long as it's the same version of Windows, you should be able to do that. I'll need some time to compile these instructions for you to complete. I'll be stepping out shortly for most of the day, and won't be getting back home until later this evening. I'll try and have instructions posted to you then, but I can't promise that. If not today, then definitely sometime tomorrow.

Do you have access to a USB drive that we can put those files on?

-ST.



#11 xpalidocious


Posted 13 July 2012 - 07:51 AM

OK thanks

I've got a USB memory stick and I also have a hard drive caddy for running a hard disc as a USB plugin disc.

Cheers

#12 SweetTech


Posted 14 July 2012 - 02:13 AM

Hi!

Okay. Perfect!

On your clean computer please download and run the following utility:
Running Flash Disinfector
Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



----------

This is probably going to be the easiest way for you to accomplish grabbing a copy of those 3 files.

Press the Windows key + R.

This should launch the Run dialog box.

Type in cmd.exe followed by hitting ENTER.

This should launch the Command Prompt window.


From the Command Prompt please type the following lines, one at a time, hitting the Enter key after each line.


copy c:\windows\system32\winlogon.exe C:\


The command should then show 1 file(s) copied if the copy command worked successfully.

At the next prompt type the following bolded text, and press Enter:

copy c:\windows\system32\svchost.exe C:\


The command should then show 1 file(s) copied if the copy command worked successfully.

At the next prompt type the following bolded text, and press Enter:

copy c:\windows\explorer.exe C:\


The command should then show 1 file(s) copied if the copy command worked successfully.

At the next prompt type the following bolded text, and press Enter:

exit



If all goes well the above commands should have placed those three files we need in your root drive (C:\ drive).

You'll want to browse to your C:\ drive, and locate explorer.exe and click on it, and then press the Ctrl key while selecting the svchost.exe and winlogon.exe files.

This should allow you to select all 3 files at the same time, so you may copy them.

Once all 3 are selected, you'll want to press Ctrl + C on your keyboard.

This will copy them to your clipboard so that you may paste them onto your Flash drive.

You'll need to browse back to My Computer and locate your flash drive, double click on it to open it.

Once it's opened, press Ctrl + V on your keyboard to paste it onto your Flash drive.

Please let me know once you've done that, and then post back for further instructions.

-ST.

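The check a practitioner would want behind the copy-and-replace steps above, and behind the "same version of Windows" condition in post #10, as an added Python example that is not the thread's own tooling: it compares a suspect copy of one of the three files with a known-good copy, reports where the bytes differ, and reads the PE link timestamp to tell a file patched in place from one taken from a different XP build. The file names, directory layout and byte-level sample data are constructed assumptions.

```python
"""Compare suspect copies of XP system binaries with known-good copies.

Added example, not the thread's tooling. The helper diagnosed winlogon.exe,
svchost.exe and explorer.exe as patched in place (Trojan.Patched) and asked
for replacements from an XP machine running the same version. Two questions
matter before swapping files: does the suspect differ from the clean copy
(and where), and do the two files even come from the same build?
"""
import hashlib
import struct
from pathlib import Path

# The three files the thread replaces (assumption: same names on both machines).
SYSTEM_FILES = ("winlogon.exe", "svchost.exe", "explorer.exe")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pe_timestamp(data: bytes):
    """COFF TimeDateStamp of a PE image, or None if the buffer is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # The COFF header follows the 4-byte signature; TimeDateStamp is its 3rd field.
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def diff_regions(clean: bytes, suspect: bytes):
    """Contiguous [start, end) byte ranges where the two buffers differ."""
    regions, start = [], None
    n = min(len(clean), len(suspect))
    for i in range(n):
        if clean[i] != suspect[i]:
            if start is None:
                start = i
        elif start is not None:
            regions.append((start, i))
            start = None
    if start is not None:
        regions.append((start, n))
    if len(clean) != len(suspect):  # trailing bytes present in only one file
        regions.append((n, max(len(clean), len(suspect))))
    return regions


def compare(clean: bytes, suspect: bytes) -> dict:
    """Classify a suspect copy against a known-good copy of the same file."""
    clean_ts, suspect_ts = pe_timestamp(clean), pe_timestamp(suspect)
    regions = diff_regions(clean, suspect)
    if clean_ts is None or clean_ts != suspect_ts:
        verdict = "different build"  # the two are not valid replacements for each other
    elif regions:
        verdict = "modified"         # same build, bytes changed: patched in place
    else:
        verdict = "identical"
    return {
        "sha256_match": sha256(clean) == sha256(suspect),
        "timestamp_match": clean_ts is not None and clean_ts == suspect_ts,
        "regions": regions,
        "verdict": verdict,
    }


def compare_dirs(clean_dir: Path, suspect_dir: Path) -> dict:
    """Run compare() for each of SYSTEM_FILES present in both directories."""
    results = {}
    for name in SYSTEM_FILES:
        a, b = clean_dir / name, suspect_dir / name
        if a.is_file() and b.is_file():
            results[name] = compare(a.read_bytes(), b.read_bytes())
    return results


# --- constructed sample data; no real binaries are embedded -----------------
def _minimal_pe(stamp: int, body: bytes) -> bytes:
    """A stand-in PE image: DOS header, PE signature, 20-byte COFF header, body."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points at offset 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0, 0x102)
    return bytes(dos) + b"PE\0\0" + coff + body


CLEAN = _minimal_pe(0x48025C66, bytes(range(256)) * 4)
PATCHED = bytearray(CLEAN)
PATCHED[0x100:0x108] = b"\xCC" * 8  # constructed in-place change to the code body
PATCHED = bytes(PATCHED)
OTHER_BUILD = _minimal_pe(0x4A1D2F44, bytes(range(256)) * 4)  # same bytes, other build

if __name__ == "__main__":
    for label, suspect in (("patched copy", PATCHED), ("other build", OTHER_BUILD)):
        r = compare(CLEAN, suspect)
        print(f"{label}: {r['verdict']}, differing ranges {r['regions']}")
```

Run it as-is to see the two constructed cases; point compare_dirs at a folder of copies from the clean machine and a folder of copies from the infected one to check real files.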


#13 xpalidocious


Posted 14 July 2012 - 01:21 PM

Hi ST

I did have a bit of trouble with my AVG 2012 identifying Flashdisinfector as malware but after reading a few posts about this I decided it was OK and downloaded & ran it.

I now have the three files on my USB stick.

Cheers

#14 SweetTech


Posted 15 July 2012 - 08:21 AM

Hi xpalidocious!

Sometimes anti-virus programs detect some of the tools we use as being malicious. Flash Disinfector is a safe tool to use. :)

You're going to now want to take the USB drive and insert it into the infected computer.

Once your computer detects the flash drive open it up, and copy the 3 files you just put on there.

You can press Ctrl while selecting the 3 files and then press Ctrl + C to copy them.

You'll want to go back to the My Computer screen and click on your C:\ drive.

Please paste those 3 files there (Ctrl + V).

Now go ahead and re-run a new scan with ComboFix. If it asks to update, please allow it to do so.

Let me know how the above goes.

-ST.

Edited by SweetTech, 15 July 2012 - 08:26 AM.



#15 xpalidocious


Posted 15 July 2012 - 04:21 PM

Hi ST

I copied the files into the C:\ root no problem and then ran combofix. It went through its routine looking promising and I left it. When I came back the machine was rebooting; it gets partway through boot as far as the wallpaper appearing and then comes up with a message 'windows explorer has encountered a problem and has to close'. After this the computer is not very usable although I did discover that control alt delete does bring up the task manager and from there I could run the DOS window. I ran notepad and opened a file and from there was able to access the combofix log which I enclose:

Oh dear it was all going so well!

If it is hopeless I shall have to install Windows afresh and I shall put it on a separate disc so I can keep all my data and programmes separate.
I know it's taking up your time; tell me what you think!


ComboFix 12-07-11.03 - Administrator 15/07/2012 17:51:36.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.737 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ovcnaaa.tmp
c:\documents and settings\All Users\Application Data\yienaaa.tmp
C:\explorer.exe
C:\svchost.exe
c:\windows\expl.dat
C:\winlogon.exe
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BBAF576F-E288-4C34-B795-BE721A798850}\RP8\A0005507.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 07:11 . 2012-07-15 07:11 -------- d-----w- C:\Temp
2012-07-13 10:07 . 2008-04-14 12:00 1058304 ----a-w- c:\windows\explorer.exe
2012-07-11 17:22 . 2012-07-11 17:22 -------- d-----w- C:\_OTL
2012-07-08 09:44 . 2012-07-08 09:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-07-08 09:43 . 2012-07-08 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-08 09:43 . 2012-07-08 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 09:43 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 06:50 . 2012-07-10 07:11 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple Computer
2012-07-06 19:56 . 2012-07-06 19:57 -------- d-----w- C:\EMI
2012-07-05 22:36 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-07-05 22:36 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-07-05 22:36 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-07-05 22:36 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 ------w- c:\windows\system32\kbd101c.dll
2012-07-05 22:36 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-07-05 22:36 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-07-05 22:36 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-07-05 22:36 . 2008-04-14 04:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-07-05 22:36 . 2008-04-14 04:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-07-04 21:08 . 2012-07-04 21:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 18:51 . 2012-05-27 22:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 18:51 . 2011-11-01 08:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-02-19 15:53 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2009-02-19 15:53 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2009-02-19 15:19 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2009-02-19 15:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2009-02-19 15:19 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2009-02-19 15:53 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-02-19 15:53 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2009-02-19 15:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2009-02-19 15:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-02-19 15:53 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2009-02-19 15:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2009-02-19 15:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2008-04-14 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-02-19 15:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 21:07 . 2012-07-04 21:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . B9B233C657BD5E2355FA76A3FD98CFA6 . 544768 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . EBE97CBBB0C6A80B6BF1F31EDDFFDE28 . 39424 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . F3DCB944C274CC800BEC27AD2E98359F . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-07-12_10.27.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-15 18:15 . 2012-07-15 18:15 16384 c:\windows\temp\Perflib_Perfdata_108.dat
- 2010-06-01 20:24 . 2012-07-10 09:26 49152 c:\windows\system32\PIE_DUMP.DAT
+ 2010-06-01 20:24 . 2012-07-13 16:49 49152 c:\windows\system32\PIE_DUMP.DAT
+ 2012-07-15 05:38 . 2012-07-15 07:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012071520120716\index.dat
+ 2012-07-14 06:00 . 2012-07-14 19:19 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012071420120715\index.dat
+ 2012-07-13 10:29 . 2012-07-13 19:26 81920 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012071320120714\index.dat
+ 2012-07-15 07:10 . 2012-07-15 07:10 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{22C39A4A-CE4C-11E1-A753-00160A18C5F8}.dat
+ 2012-07-13 11:07 . 2012-07-13 11:10 58880 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FE436BD6-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-12 18:32 . 2012-07-12 18:34 25600 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F6D23BE2-CC4F-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:25 . 2012-07-12 18:28 24576 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F58B19F8-CC4E-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 10:33 . 2012-07-12 10:35 19968 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F222EEB8-CC0C-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 18:24 . 2012-07-12 18:28 21504 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DB349FC4-CC4E-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-13 11:06 . 2012-07-13 11:07 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D5B44AC9-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 11:06 . 2012-07-13 11:07 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D5B44AC8-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-14 19:19 . 2012-07-14 19:19 37376 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C5E2C84E-CDE8-11E1-A74D-00160A18C5F8}.dat
+ 2012-07-13 11:05 . 2012-07-13 11:10 24064 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B68F9328-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-12 18:38 . 2012-07-12 18:42 38912 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B4DDEDE2-CC50-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 10:38 . 2012-07-12 10:38 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AFB76B20-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-14 18:56 . 2012-07-14 18:56 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A1581FDD-CDE5-11E1-A74C-00160A18C5F8}.dat
+ 2012-07-12 10:37 . 2012-07-12 10:37 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9D3D31A0-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 18:29 . 2012-07-12 18:32 12288 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8BE7C7F2-CC4F-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:15 . 2012-07-12 18:15 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{85EE8518-CC4D-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 10:36 . 2012-07-12 10:38 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8048C29E-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 10:36 . 2012-07-12 10:36 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{798839BC-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 18:43 . 2012-07-12 18:43 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{753B4964-CC51-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-13 10:35 . 2012-07-13 10:36 21504 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{72ADA1FC-CCD6-11E1-A743-00160A18C5F8}.dat
+ 2012-07-12 18:14 . 2012-07-12 18:14 37376 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6D453228-CC4D-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-13 11:03 . 2012-07-13 11:04 19456 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6C1EC722-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 11:10 . 2012-07-13 11:12 16896 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{68D80B24-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 11:10 . 2012-07-13 11:11 19968 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{68D80B22-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-12 18:28 . 2012-07-12 18:32 23552 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{60EF25DB-CC4F-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 10:36 . 2012-07-12 10:36 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5C700775-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 10:35 . 2012-07-12 10:38 29184 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5C700774-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 10:50 . 2012-07-12 10:50 12288 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{57672EC9-CC0F-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 10:49 . 2012-07-12 10:50 19968 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{51609D50-CC0F-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 18:42 . 2012-07-12 18:43 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4EF1E61E-CC51-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:20 . 2012-07-12 18:20 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4353527C-CC4E-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:13 . 2012-07-12 18:13 19968 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3EA1318C-CC4D-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-14 18:53 . 2012-07-14 18:56 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3E321526-CDE5-11E1-A74C-00160A18C5F8}.dat
+ 2012-07-12 18:41 . 2012-07-12 18:43 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{34FF8EAA-CC51-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-15 06:41 . 2012-07-15 06:42 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{27B860B0-CE48-11E1-A752-00160A18C5F8}.dat
+ 2012-07-13 11:08 . 2012-07-13 11:09 18944 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{22091430-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-12 18:19 . 2012-07-12 18:20 22016 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{21255C3E-CC4E-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:33 . 2012-07-12 18:34 28672 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{198CDCDD-CC50-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:26 . 2012-07-12 18:28 11264 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{132B3251-CC4F-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:40 . 2012-07-12 18:43 18944 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{100B1BAA-CC51-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:19 . 2012-07-12 18:19 24064 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E4BC4AC-CC4E-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:26 . 2012-07-12 18:28 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0C49487C-CC4F-11E1-A73E-00160A18C5F8}.dat
+ 2012-06-15 17:37 . 2012-07-15 06:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-06-15 17:37 . 2012-07-12 10:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-06-15 16:55 . 2012-07-12 10:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2012-06-15 16:55 . 2012-07-15 07:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2012-07-13 12:57 . 2012-07-15 06:42 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4D6D5550-CCEA-11E1-A746-00160A18C5F8}.dat
+ 2012-07-15 06:42 . 2012-07-15 07:10 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{3BBBFE2F-CE48-11E1-A752-00160A18C5F8}.dat
+ 2012-07-15 06:42 . 2012-07-15 06:42 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{3BBBFE2E-CE48-11E1-A752-00160A18C5F8}.dat
+ 2012-07-12 10:32 . 2012-07-12 10:38 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{D1A48221-CC0C-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-14 19:19 . 2012-07-14 19:19 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C5E2C84D-CDE8-11E1-A74D-00160A18C5F8}.dat
+ 2012-07-12 18:38 . 2012-07-12 18:43 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B4DDEDE1-CC50-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-13 10:35 . 2012-07-13 10:35 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{72ADA1FB-CCD6-11E1-A743-00160A18C5F8}.dat
+ 2012-07-13 11:03 . 2012-07-13 11:10 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6C1EC721-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 11:10 . 2012-07-13 11:12 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{68D80B21-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 13:05 . 2012-07-13 13:05 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{60FA3D01-CCEB-11E1-A746-00160A18C5F8}.dat
+ 2012-07-14 06:01 . 2012-07-14 06:01 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{5DB25734-CD79-11E1-A749-00160A18C5F8}.dat
+ 2012-07-12 10:49 . 2012-07-12 10:50 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{51609D4F-CC0F-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 18:20 . 2012-07-12 18:20 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4353527B-CC4E-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:13 . 2012-07-12 18:19 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3EA1318B-CC4D-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-14 18:53 . 2012-07-14 18:56 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3E321523-CDE5-11E1-A74C-00160A18C5F8}.dat
+ 2012-07-15 06:41 . 2012-07-15 06:42 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{27B860AF-CE48-11E1-A752-00160A18C5F8}.dat
+ 2012-07-13 11:08 . 2012-07-13 11:08 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FE436BD8-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-12 18:18 . 2012-07-12 18:18 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FC05FEE8-CC4D-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:17 . 2012-07-12 18:17 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D5F5D412-CC4D-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-13 11:06 . 2012-07-13 11:07 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D5B44ACA-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-14 19:19 . 2012-07-14 19:19 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D43346A4-CDE8-11E1-A74D-00160A18C5F8}.dat
+ 2012-07-12 10:32 . 2012-07-12 10:32 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D1A48222-CC0C-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 10:38 . 2012-07-12 10:38 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C7C10082-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 18:16 . 2012-07-12 18:16 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B49285B8-CC4D-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-13 11:12 . 2012-07-13 11:13 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B0AFA712-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-14 18:56 . 2012-07-14 18:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AA16E002-CDE5-11E1-A74C-00160A18C5F8}.dat
+ 2012-07-14 18:56 . 2012-07-14 18:57 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AA16E001-CDE5-11E1-A74C-00160A18C5F8}.dat
+ 2012-07-12 10:37 . 2012-07-12 10:38 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A3FB5828-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-14 18:56 . 2012-07-14 18:56 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A1581FDC-CDE5-11E1-A74C-00160A18C5F8}.dat
+ 2012-07-13 11:11 . 2012-07-13 11:12 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8CF38820-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 11:04 . 2012-07-13 11:05 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8CDB30DD-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 11:04 . 2012-07-13 11:04 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8CDB30DC-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-14 18:55 . 2012-07-14 18:56 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{89B50F98-CDE5-11E1-A74C-00160A18C5F8}.dat
+ 2012-07-13 10:35 . 2012-07-13 10:36 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{882EB7BA-CCD6-11E1-A743-00160A18C5F8}.dat
+ 2012-07-12 18:43 . 2012-07-12 18:43 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7C8ADF5E-CC51-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-14 18:55 . 2012-07-14 18:55 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{71B765F9-CDE5-11E1-A74C-00160A18C5F8}.dat
+ 2012-07-13 11:10 . 2012-07-13 11:10 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{651272BC-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 13:05 . 2012-07-13 13:05 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{60FA3D02-CCEB-11E1-A746-00160A18C5F8}.dat
+ 2012-07-14 06:01 . 2012-07-14 06:01 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5DB25735-CD79-11E1-A749-00160A18C5F8}.dat
+ 2012-07-12 18:42 . 2012-07-12 18:43 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{57B0A63C-CC51-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 10:35 . 2012-07-12 10:35 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4F7BA06E-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-13 11:09 . 2012-07-13 11:10 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{42EE05E9-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-13 11:09 . 2012-07-13 11:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{42EE05E8-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-12 18:27 . 2012-07-12 18:28 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{408890C0-CC4F-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 10:34 . 2012-07-12 10:35 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3805DCD8-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 18:19 . 2012-07-12 18:20 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2B1C7068-CC4E-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-15 06:41 . 2012-07-15 06:42 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{27B860B2-CE48-11E1-A752-00160A18C5F8}.dat
+ 2012-07-13 11:08 . 2012-07-13 11:08 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{22091431-CCDB-11E1-A745-00160A18C5F8}.dat
+ 2012-07-12 18:19 . 2012-07-12 18:20 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{21255C3C-CC4E-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:26 . 2012-07-12 18:28 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1CC08613-CC4F-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:33 . 2012-07-12 18:34 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{198CDCDF-CC50-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 18:33 . 2012-07-12 18:34 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{198CDCDC-CC50-11E1-A73E-00160A18C5F8}.dat
+ 2012-07-12 10:33 . 2012-07-12 10:34 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{151DEF30-CC0D-11E1-A73C-00160A18C5F8}.dat
+ 2012-07-12 07:24 . 2012-07-12 18:49 245760 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012071220120713\index.dat
+ 2012-07-13 11:03 . 2012-07-13 11:10 496128 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6C1EC724-CCDA-11E1-A745-00160A18C5F8}.dat
+ 2012-07-12 18:13 . 2012-07-12 18:20 246784 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{44DC36C1-CC4D-11E1-A73E-00160A18C5F8}.dat
- 2011-05-30 13:47 . 2012-07-12 10:12 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-05-30 13:47 . 2012-07-15 06:41 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-07-11 18:46 . 2012-07-15 07:46 180224 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-06-15 16:56 . 2012-07-15 07:09 2850816 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2011-05-30 13:47 . 2012-07-15 07:46 3440640 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-05-30 13:47 . 2012-07-12 10:15 3440640 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-2-19 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 23:29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/05/2012 23:00 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2010 23:29 136176]
S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [25/06/2004 01:31 19584]
S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [25/06/2004 01:31 2944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [04/07/2012 22:08 129976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 16:35 50704]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 18:51]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 22:29]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 22:29]
.
2012-04-03 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-27 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ekmqbklh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 21:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,00,c6,27,e5,08,81,45,98,12,a3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,00,c6,27,e5,08,81,45,98,12,a3,\
.
[HKEY_USERS\S-1-5-21-1390067357-1993962763-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,79,de,d2,ec,0e,69,42,98,04,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,79,de,d2,ec,0e,69,42,98,04,f3,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2012-07-15 22:00:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 21:00
ComboFix2.txt 2012-07-12 10:33
.
Pre-Run: 8,625,139,712 bytes free
Post-Run: 8,726,913,024 bytes free
.
- - End Of File - - 3609FF36949138ECB5CBD9325197451E



