redirect virus and malware please help me!!!


mrclark

New member
Hi, I have a nasty one on my PC. It started about 2 weeks ago and I believe I got it from an email via a family member. On top of redirecting me and giving me constant Internet Explorer crashes, believe it or not, I am hearing what appears to be music and advertisements playing in the background sometimes.

I produced a log via one of the downloads provided if that is ok.

I could really use some help here before I give up and reinstall.

Thank you.

18:44:02.0046 8452 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
18:44:03.0062 8452 ============================================================
18:44:03.0062 8452 Current date / time: 2012/04/19 18:44:03.0062
18:44:03.0062 8452 SystemInfo:
18:44:03.0062 8452
18:44:03.0062 8452 OS Version: 5.1.2600 ServicePack: 3.0
18:44:03.0062 8452 Product type: Workstation
18:44:03.0062 8452 ComputerName: ADMIN-FDC77CCCA
18:44:03.0062 8452 UserName: Administrator
18:44:03.0062 8452 Windows directory: C:\WINDOWS
18:44:03.0062 8452 System windows directory: C:\WINDOWS
18:44:03.0062 8452 Processor architecture: Intel x86
18:44:03.0062 8452 Number of processors: 2
18:44:03.0062 8452 Page size: 0x1000
18:44:03.0062 8452 Boot type: Normal boot
18:44:03.0062 8452 ============================================================
18:44:14.0453 8452 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:44:14.0468 8452 \Device\Harddisk0\DR0:
18:44:14.0468 8452 MBR partitions:
18:44:14.0468 8452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
18:44:14.0515 8452 C: <-> \Device\Harddisk0\DR0\Partition0
18:44:14.0515 8452 Initialize success
18:44:14.0515 8452 ============================================================
18:44:51.0609 9752 ============================================================
18:44:51.0609 9752 Scan started
18:44:51.0609 9752 Mode: Manual; TDLFS;
18:44:51.0609 9752 ============================================================
18:45:23.0437 9752 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:45:23.0437 9752 TrkWks - ok
18:45:23.0484 9752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:45:23.0500 9752 Udfs - ok
18:45:23.0531 9752 ultra - ok
18:45:23.0640 9752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:45:23.0656 9752 Update - ok
18:45:23.0703 9752 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:45:23.0718 9752 upnphost - ok
18:45:23.0750 9752 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:45:23.0750 9752 UPS - ok
18:45:23.0796 9752 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:45:23.0812 9752 USBAAPL - ok
18:45:23.0890 9752 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:45:23.0890 9752 usbaudio - ok
18:45:23.0937 9752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:45:23.0937 9752 usbccgp - ok
18:45:23.0968 9752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:45:23.0968 9752 usbehci - ok
18:45:24.0000 9752 usbfilter (e5b14557793164db879ee56f5b59c3e2) C:\WINDOWS\system32\DRIVERS\usbfilter.sys
18:45:24.0015 9752 usbfilter - ok
18:45:24.0046 9752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:45:24.0046 9752 usbhub - ok
18:45:24.0078 9752 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:45:24.0078 9752 usbohci - ok
18:45:24.0156 9752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:45:24.0156 9752 usbscan - ok
18:45:24.0203 9752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:45:24.0203 9752 USBSTOR - ok
18:45:24.0250 9752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:45:24.0250 9752 VgaSave - ok
18:45:24.0265 9752 ViaIde - ok
18:45:24.0312 9752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:45:24.0328 9752 VolSnap - ok
18:45:24.0343 9752 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:45:24.0343 9752 VSS - ok
18:45:24.0406 9752 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:45:24.0421 9752 W32Time - ok
18:45:24.0453 9752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:45:24.0453 9752 Wanarp - ok
18:45:24.0468 9752 WDICA - ok
18:45:24.0484 9752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:45:24.0484 9752 wdmaud - ok
18:45:24.0515 9752 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:45:24.0531 9752 WebClient - ok
18:45:24.0578 9752 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:45:24.0578 9752 winmgmt - ok
18:45:24.0718 9752 WinRing0_1_2_0 - ok
18:45:24.0890 9752 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:45:24.0937 9752 wlidsvc - ok
18:45:25.0031 9752 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:45:25.0031 9752 WmdmPmSN - ok
18:45:25.0140 9752 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:45:25.0156 9752 Wmi - ok
18:45:25.0171 9752 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:45:25.0187 9752 WmiAcpi - ok
18:45:25.0218 9752 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:45:25.0218 9752 WmiApSrv - ok
18:45:25.0375 9752 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:45:25.0390 9752 WMPNetworkSvc - ok
18:45:25.0578 9752 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:45:25.0625 9752 WPFFontCache_v0400 - ok
18:45:25.0718 9752 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:45:25.0734 9752 wscsvc - ok
18:45:25.0812 9752 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:45:25.0828 9752 wuauserv - ok
18:45:25.0921 9752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:45:25.0921 9752 WudfPf - ok
18:45:25.0984 9752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:45:25.0984 9752 WudfRd - ok
18:45:26.0046 9752 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:45:26.0046 9752 WudfSvc - ok
18:45:26.0093 9752 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:45:26.0109 9752 WZCSVC - ok
18:45:26.0171 9752 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:45:26.0250 9752 xmlprov - ok
18:45:26.0281 9752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:45:26.0593 9752 \Device\Harddisk0\DR0 - ok
18:45:26.0609 9752 Boot (0x1200) (ac10c40af69a59902fe4b1a111b104f1) \Device\Harddisk0\DR0\Partition0
18:45:26.0609 9752 \Device\Harddisk0\DR0\Partition0 - ok
18:45:26.0609 9752 ============================================================
18:45:26.0609 9752 Scan finished
18:45:26.0609 9752 ============================================================
18:45:26.0625 6648 Detected object count: 0
18:45:26.0625 6648 Actual detected object count: 0
 
Hi mrclark, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, and uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.



Download OTL to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lîk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


Next

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
  • both OTL logs
  • aswMBR log
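The OTL logs requested above list every autostart and service entry with its path and the company name embedded in the file, and that listing is normally triaged by eye. As an added example, not part of this thread and not OTL's own code, here is a small Python script that parses the O4 Run and DRV/SRV lines in OTL's output format and scores them with a few defender-side heuristics: dangling "File not found" entries, binaries with no company name, autostarts living under Application Data or a Temp directory, and long pseudo-random lower-case file names. The sample lines are constructed from the OTL log posted later in this thread; the heuristics, their names and the two-flag threshold are my own assumptions, and a flag means "look closer", not "malicious".

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six lines in the format OTL uses for O4 (Run keys) and
# DRV (driver service) entries, copied from the OTL log posted in this thread,
# plus one O1 line that the parser deliberately ignores.
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [CPUThermometer] C:\Documents and Settings\Administrator\Desktop\CPU Thermometer\CPUThermometer.exe ()
O4 - HKCU..\Run: [dabebdbdaafdct] C:\Documents and Settings\All Users\Application Data\dabebdbdaafdct.exe ()
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
DRV - (WinRing0_1_2_0) -- C:\Documents and Settings\Administrator\Local Settings\Temp\tmp9.tmp File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
""".strip("\n")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]")
SVC_RE = re.compile(r"^(?P<kind>DRV|SRV) - \((?P<name>[^)]*)\)")
# First Windows path on the line: a drive letter, then the shortest run of
# text ending in a short extension that is followed by whitespace, ')' or EOL.
PATH_RE = re.compile(r"[A-Za-z]:\\[^()\[\]]*?\.[A-Za-z0-9_~]{1,4}(?=[\s)]|$)")
# OTL prints the file's company name in trailing parentheses; "()" means none.
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")

# Directories an autostart or driver rarely has a legitimate reason to live in
# (assumed heuristic list, lower-cased for comparison).
SUSPECT_DIRS = ("\\application data\\", "\\temp\\")


@dataclass
class Entry:
    kind: str                 # "O4", "DRV" or "SRV"
    name: str                 # Run value name or service name
    path: Optional[str]       # first path found on the line, if any
    company: Optional[str]    # trailing company name; "" when OTL printed "()"
    file_not_found: bool      # OTL could not find the referenced file
    flags: List[str] = field(default_factory=list)


def _flags(e: Entry) -> List[str]:
    """Crude heuristics; each flag is a reason to look closer, not a verdict."""
    flags: List[str] = []
    if e.file_not_found:
        flags.append("file_not_found")        # dangling entry: leftover or removed file
    elif e.company == "":
        flags.append("no_company")            # binary carries no company/version info
    if e.path:
        low = e.path.lower()
        if any(d in low for d in SUSPECT_DIRS):
            flags.append("suspicious_location")  # autostart from a data/temp directory
        stem = ntpath.splitext(ntpath.basename(e.path))[0]  # ntpath: Windows paths on any OS
        if re.fullmatch(r"[a-z]{12,}", stem):
            flags.append("long_lowercase_name")  # pseudo-random looking file name
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4/DRV/SRV line; other OTL line types return None."""
    m = O4_RE.match(line)
    if m:
        kind, name = "O4", m.group("name")
    else:
        m = SVC_RE.match(line)
        if not m:
            return None
        kind, name = m.group("kind"), m.group("name")
    pm = PATH_RE.search(line)
    cm = COMPANY_RE.search(line)
    entry = Entry(
        kind=kind,
        name=name,
        path=pm.group(0) if pm else None,
        company=cm.group("company") if cm else None,
        file_not_found=line.rstrip().endswith("File not found"),
    )
    entry.flags = _flags(entry)
    return entry


def triage(text: str) -> List[Entry]:
    """All recognised entries, most flags first (log order is kept for ties)."""
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return sorted(entries, key=lambda e: -len(e.flags))


def flagged(text: str, min_flags: int = 2) -> List[str]:
    """Names of entries that collected at least min_flags heuristics."""
    return [e.name for e in triage(text) if len(e.flags) >= min_flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_OTL):
        print(f"{e.kind:3} {e.name:20} {', '.join(e.flags) or '-'}")
```

Run it directly to print the ranked list; `flagged(text)` returns the names that collect two or more heuristics, which on the sample are the Run value under All Users\Application Data and the driver entry pointing at a deleted file in Temp. Entries OTL marks "File not found" cannot carry a company name, so they receive the dangling-entry flag only and are not double-counted as "no company".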
 
Hi, here's the first part of the OTL log; it's been difficult posting it due to its size.



OTL logfile created on: 4/19/2012 8:34:35 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 66.08% Memory free
5.09 Gb Paging File | 4.16 Gb Available in Paging File | 81.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 379.37 Gb Free Space | 40.73% Space Free | Partition Type: NTFS

Computer Name: ADMIN-FDC77CCCA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Administrator\Desktop\CPU Thermometer\CPUThermometer.exe ()
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Administrator\Local Settings\Temp\~10.tmp ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll ()
MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\b1b57351a88c0c9c46bd9424347336ea\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Documents and Settings\Administrator\Desktop\CPU Thermometer\CPUThermometer.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
MOD - C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files\Gigabyte\EasySaver\ycc.dll ()
MOD - C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
MOD - C:\Program Files\EVGA Precision\RTCore.dll ()
MOD - C:\Program Files\EVGA Precision\RTUI.dll ()
MOD - C:\Program Files\EVGA Precision\RTFC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AppleChargerSrv) -- C:\WINDOWS\system32\AppleChargerSrv.exe ()
SRV - (BCUService) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (WinRing0_1_2_0) -- C:\Documents and Settings\Administrator\Local Settings\Temp\tmp9.tmp File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (etdrv) -- C:\WINDOWS\etdrv.sys (Windows (R) 2000 DDK provider)
DRV - (AppleCharger) -- C:\WINDOWS\system32\drivers\AppleCharger.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (usbfilter) -- C:\WINDOWS\system32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (RTCore32) -- C:\Program Files\EVGA Precision\RTCore32.sys ()
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67B304DA-6278-40b3-B8E8-D46F814D6BFB}
IE - HKCU\..\SearchScopes\{0A4D1FD6-14A6-42b7-B9E4-A9A86BA9C833}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A2938615334&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A2938615334&q={searchTerms}
IE - HKCU\..\SearchScopes\{0C0AD665-632E-4818-A02A-A810DEFFC693}: "URL" = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ca
IE - HKCU\..\SearchScopes\{67B304DA-6278-40b3-B8E8-D46F814D6BFB}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/04/18 18:26:19 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 21:04:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/15 22:29:42 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [CPUThermometer] C:\Documents and Settings\Administrator\Desktop\CPU Thermometer\CPUThermometer.exe ()
O4 - HKCU..\Run: [dabebdbdaafdct] C:\Documents and Settings\All Users\Application Data\dabebdbdaafdct.exe ()
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB79E8E6-3A4E-4955-9F00-0C1D77D8038C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/06 02:55:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 20:31:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/17 17:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/04/17 17:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/04/16 19:26:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/04/16 19:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/04/16 19:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2012/04/16 19:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2012/04/15 21:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/04/15 21:48:21 | 007,245,976 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro36.exe
[2012/04/15 21:46:24 | 008,250,768 | ---- | C] (SurfRight B.V.) -- C:\Program Files\HitmanPro36_x64.exe
[2012/04/15 18:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/04/15 15:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/04/15 15:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/04/15 15:19:47 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/04/15 15:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/04/15 15:17:03 | 000,325,200 | ---- | C] (OpenInstall ) -- C:\Program Files\spybotsd-2.exe
[2012/04/08 21:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/04/08 21:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/07 22:10:02 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/21 21:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/19 22:00:20 | 003,147,344 | ---- | C] (Macroplant, LLC ) -- C:\Program Files\iExplorer_Setup.exe
[2011/12/22 18:43:38 | 039,401,336 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/11/01 18:16:13 | 063,084,671 | ---- | C] (NovaLogic ) -- C:\Program Files\c4demo.exe
[2011/10/25 18:07:45 | 089,643,496 | ---- | C] (NVIDIA Corporation) -- C:\Program Files\285.58-desktop-winxp-32bit-english-whql.exe
[2011/09/21 17:23:35 | 047,963,312 | ---- | C] (Electronic Arts, Inc.) -- C:\Program Files\OriginSetup.exe
[2011/04/23 13:22:32 | 088,715,952 | ---- | C] (NVIDIA Corporation) -- C:\Program Files\270.61-desktop-winxp-32bit-english-whql.exe
[2011/03/21 17:36:17 | 038,191,344 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSAudioEditor.exe
[2011/03/21 17:36:16 | 150,895,952 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoEditor.exe
[2010/11/06 12:47:43 | 034,226,736 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\nmsetup.exe
[2010/10/19 11:41:31 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1136_upgrade.exe
[2010/10/16 16:10:34 | 002,129,648 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files\fraps.exe
[2010/10/10 22:55:19 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u21.exe
[2010/10/07 20:09:26 | 000,589,640 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2010/09/13 12:54:17 | 069,316,464 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2010/09/06 18:52:56 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_115_cnet.exe
[2010/09/06 01:30:18 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 20:32:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/19 20:29:37 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malware redirects Google Search Results - Safer-Networking Forums.url
[2012/04/19 19:56:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/19 19:56:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 19:56:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/19 19:29:25 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\play in right rear wheel of 08 ren x, is it bearings - can-am ATV Forums - can-amtalk.com.url
[2012/04/19 18:48:13 | 095,645,533 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/19 18:47:14 | 000,225,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/19 18:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\PC Unleashed Registration3.job
[2012/04/19 06:17:33 | 000,000,598 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/04/19 06:17:19 | 000,001,048 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2012/04/19 06:17:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/19 06:16:29 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012/04/19 06:16:16 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/04/19 06:16:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/18 22:02:24 | 000,000,578 | ---- | M] () -- C:\WINDOWS\M3JPEG.INI
[2012/04/18 21:38:32 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/18 21:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/18 19:18:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/18 18:53:09 | 000,138,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/04/18 18:50:41 | 000,234,536 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012/04/18 18:44:09 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/04/17 19:30:40 | 000,054,405 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\11881200.m792003.jpg
[2012/04/17 17:52:26 | 000,000,172 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/04/17 17:41:59 | 000,000,257 | RHS- | M] () -- C:\boot.ini
[2012/04/16 19:26:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/04/16 19:21:35 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/04/15 22:29:42 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/15 21:48:31 | 007,245,976 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro36.exe
[2012/04/15 21:46:37 | 008,250,768 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro36_x64.exe
[2012/04/15 20:34:58 | 000,003,204 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\What is this Russian Weapon Military.com.url
[2012/04/15 20:34:26 | 000,070,302 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pix594976204.jpg
[2012/04/15 18:03:19 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Recommended Upgrades for 08 Renegade 800X - can-am ATV Forums - can-amtalk.com.url
[2012/04/15 15:19:59 | 000,000,594 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/04/15 15:19:59 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/04/15 15:19:52 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/04/15 15:17:08 | 000,325,200 | ---- | M] (OpenInstall ) -- C:\Program Files\spybotsd-2.exe
[2012/04/15 14:51:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dabebdbdaafdct.exe
[2012/04/15 13:15:25 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Another Renegade SUBSEA snorkel kit is created! - can-am ATV Forums - can-amtalk.com - Page 2.url
[2012/04/15 13:14:57 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\4 x Cases (Military Boxes) for .22.url
[2012/04/15 12:04:44 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.hitmanpro
[2012/04/15 12:04:44 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120415-183150.backup
[2012/04/13 20:56:05 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/13 20:56:04 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/11 19:17:09 | 000,234,536 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/04/11 06:55:30 | 000,573,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 06:55:30 | 000,108,130 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 06:45:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 18:10:12 | 000,000,428 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trance on guitar - YouTube.url
[2012/04/08 21:27:47 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/08 15:20:06 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EHS Racing Contact Information.url
[2012/04/04 19:16:57 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Extreme Idiots Compilation 2 - YouTube.url
[2012/04/04 17:51:43 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\PC Unleashed.job
[2012/04/03 21:12:24 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Flight.url
[2012/03/26 19:02:46 | 001,563,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/24 17:55:49 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012/03/24 17:54:33 | 034,226,736 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\nmsetup.exe
[2012/03/24 17:17:42 | 000,033,745 | ---- | M] () -- C:\WINDOWSHvc_____.pfb
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 19:39:18 | 000,065,625 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\r152055_543356.jpg
[2012/04/17 19:37:01 | 000,222,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\goodhousekeepingqe0.jpg
[2012/04/17 18:58:10 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malware redirects Google Search Results - Safer-Networking Forums.url
[2012/04/17 17:54:55 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/04/16 19:21:35 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/04/15 18:26:43 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\play in right rear wheel of 08 ren x, is it bearings - can-am ATV Forums - can-amtalk.com.url
[2012/04/15 18:03:19 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Recommended Upgrades for 08 Renegade 800X - can-am ATV Forums - can-amtalk.com.url
[2012/04/15 17:42:23 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/04/15 15:19:58 | 000,000,594 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/04/15 15:19:58 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/04/15 15:19:57 | 000,000,598 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/04/15 15:19:52 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/04/15 15:19:52 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/04/15 13:31:34 | 000,070,302 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\pix594976204.jpg
[2012/04/15 13:04:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dabebdbdaafdct.exe
[2012/04/08 21:27:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/08 15:20:05 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EHS Racing Contact Information.url
[2012/04/07 23:14:26 | 000,000,428 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trance on guitar - YouTube.url
[2012/04/07 22:10:03 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/04 21:28:35 | 000,409,738 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-308236825-725345543-500-0.dat
[2012/04/03 21:12:23 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Flight.url
[2012/03/24 17:17:42 | 000,033,745 | ---- | C] () -- C:\WINDOWSHvc_____.pfb
[2012/02/14 18:50:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 23:47:35 | 000,345,706 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/10/11 22:05:39 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/09/28 18:35:17 | 003,815,360 | ---- | C] () -- C:\Program Files\battlelog-web-plugins-0.80.0-retail-ob.exe
[2011/06/13 15:16:33 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/04 20:48:52 | 000,291,539 | ---- | C] () -- C:\Program Files\cputhermometer_setup.exe
[2011/04/23 13:14:57 | 000,203,792 | ---- | C] () -- C:\Program Files\EVGAPrecision.exe
[2011/04/23 13:14:57 | 000,044,048 | ---- | C] () -- C:\Program Files\EVGAPrecisionWrapper.exe
[2010/12/04 01:27:07 | 000,003,217 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2010/12/04 01:27:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\arcsuite.ini
[2010/11/29 02:16:18 | 000,056,844 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/28 18:37:42 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/11/06 12:50:38 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/10/16 18:18:57 | 000,000,578 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2010/10/12 15:18:39 | 002,601,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe
[2010/09/13 13:13:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\GeoLan.ini
[2010/09/13 13:11:28 | 000,229,376 | R--- | C] () -- C:\WINDOWS\System32\GXGM20.dll
[2010/09/13 13:11:25 | 000,745,984 | R--- | C] () -- C:\WINDOWS\ir50_32.dll
[2010/09/13 13:11:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\GODDNIF.ini
[2010/09/06 20:32:02 | 000,202,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/06 16:53:10 | 000,138,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/09/06 16:53:10 | 000,022,328 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/09/06 16:52:28 | 000,234,536 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/09/06 16:52:27 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/09/06 16:52:27 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/09/06 16:06:01 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/09/06 15:38:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/06 14:52:38 | 001,364,522 | ---- | C] () -- C:\Program Files\winrar-x64-393.exe
[2010/09/06 03:39:30 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/09/06 03:33:41 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2010/09/06 03:33:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/09/06 03:18:17 | 001,588,224 | ---- | C] () -- C:\Program Files\SteamInstall.msi
[2010/09/06 02:56:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/06 02:52:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/06 02:42:09 | 000,194,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/06 00:55:07 | 000,286,760 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/06 00:55:06 | 000,286,760 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/06 00:55:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/06 00:47:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/06 00:47:58 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/09/06 00:47:03 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010/09/06 00:39:52 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
[2010/09/06 00:39:52 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
[2010/09/05 19:41:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/05 19:40:07 | 001,563,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/01/01 22:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2011/10/13 19:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2012
[2012/03/11 20:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DarknessIIDemo
[2011/09/14 22:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011/01/02 22:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2012/04/19 06:17:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
[2011/03/25 23:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2011/10/23 13:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Origin
[2011/09/14 22:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Unleashed Online
[2011/01/01 20:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/10/13 19:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/19 11:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/19 11:53:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/12 15:29:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/09/21 17:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/04/16 19:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/09/07 20:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/04/19 18:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/21 17:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/09/14 22:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2011/03/26 13:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/09/13 12:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/19 06:17:33 | 000,000,598 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/03/09 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PC Unleashed Defrag.job
[2012/04/19 18:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\PC Unleashed Registration3.job
[2012/03/09 01:50:02 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\PC Unleashed Update Version3.job
[2012/04/04 17:51:43 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\PC Unleashed.job
[2012/04/15 15:19:59 | 000,000,594 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/04/15 15:19:59 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/12/13 18:26:55 | 000,499,843 | ---- | M] () -- C:\AnalysisLog.sr0
[2010/09/06 02:55:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/04/17 17:41:59 | 000,000,257 | RHS- | M] () -- C:\boot.ini
[2010/09/06 02:55:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/06 00:43:06 | 000,000,156 | ---- | M] () -- C:\csb.log
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/09/06 03:39:35 | 000,000,197 | ---- | M] () -- C:\Install.log
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/09/06 02:55:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/06 02:55:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/19 06:16:02 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/09/06 03:37:52 | 000,002,944 | ---- | M] () -- C:\RHDSetup.log
[2012/04/19 06:17:16 | 000,000,144 | ---- | M] () -- C:\service.log
[2012/04/19 19:00:17 | 000,083,120 | ---- | M] () -- C:\TDSSKiller.2.7.29.0_19.04.2012_18.44.02_log.txt
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2012/03/24 17:17:42 | 000,033,745 | ---- | M] () -- C:\WINDOWSHvc_____.pfb

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/09/06 02:54:44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/04/23 13:22:43 | 088,715,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\270.61-desktop-winxp-32bit-english-whql.exe
[2011/10/25 18:32:25 | 089,643,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\285.58-desktop-winxp-32bit-english-whql.exe
[2010/10/19 11:41:53 | 004,290,744 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1136_upgrade.exe
[2010/09/06 18:53:03 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_115_cnet.exe
[2011/03/21 17:57:25 | 038,191,344 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSAudioEditor.exe
[2011/03/21 17:41:09 | 150,895,952 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoEditor.exe
[2011/09/28 18:35:30 | 003,815,360 | ---- | M] () -- C:\Program Files\battlelog-web-plugins-0.80.0-retail-ob.exe
[2011/11/01 18:16:20 | 063,084,671 | ---- | M] (NovaLogic ) -- C:\Program Files\c4demo.exe
[2011/06/04 20:48:56 | 000,291,539 | ---- | M] () -- C:\Program Files\cputhermometer_setup.exe
[2008/06/04 12:27:16 | 000,203,792 | ---- | M] () -- C:\Program Files\EVGAPrecision.exe
[2008/06/04 12:27:16 | 000,044,048 | ---- | M] () -- C:\Program Files\EVGAPrecisionWrapper.exe
[2010/10/16 16:10:39 | 002,129,648 | ---- | M] (Beepa Pty Ltd) -- C:\Program Files\fraps.exe
[2011/06/12 16:48:37 | 000,589,640 | ---- | M] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2012/04/15 21:48:31 | 007,245,976 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro36.exe
[2012/04/15 21:46:37 | 008,250,768 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro36_x64.exe
[2010/09/06 01:30:36 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2012/01/19 22:00:26 | 003,147,344 | ---- | M] (Macroplant, LLC ) -- C:\Program Files\iExplorer_Setup.exe
[2012/02/25 19:41:02 | 069,316,464 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2010/10/10 22:55:28 | 000,874,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u21.exe
[2012/03/24 17:54:33 | 034,226,736 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\nmsetup.exe
[2011/09/21 17:23:44 | 047,963,312 | ---- | M] (Electronic Arts, Inc.) -- C:\Program Files\OriginSetup.exe
[2012/01/07 20:26:28 | 039,401,336 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2012/04/15 15:17:08 | 000,325,200 | ---- | M] (OpenInstall ) -- C:\Program Files\spybotsd-2.exe
[2010/09/06 03:18:21 | 001,588,224 | ---- | M] () -- C:\Program Files\SteamInstall.msi
[2010/09/06 14:53:40 | 001,364,522 | ---- | M] () -- C:\Program Files\winrar-x64-393.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/09/05 19:39:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/09/05 19:39:24 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/09/05 19:39:23 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >
[2010/09/06 02:55:06 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2010/09/06 15:38:12 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
[2010/09/06 15:38:12 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
[2010/09/06 00:39:52 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Program Updates.lnk
[2011/09/14 22:09:32 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2010/09/06 02:55:06 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2011/09/14 22:09:32 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/04/19 20:32:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 10:57:16

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2012/02/07 17:19:30 | 003,149,736 | ---- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2008/04/14 05:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=86B13BD2DAC4D331B0B6406E632AB086 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=86B13BD2DAC4D331B0B6406E632AB086 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2012/04/19 20:43:49 | 000,062,734 | ---- | M] () MD5=56B6034DAF18ADD6340EC2A13E62339C -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.SCF >
[2004/08/04 08:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.ZIP >
[2006/03/06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.CHM >
[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.EXE >
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ie8\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe

< MD5 for: IEXPLORE.EXE.20120415-005624-00.HDMP >
[2012/04/14 20:56:25 | 005,151,992 | ---- | M] () MD5=7E2233C5A4124E0F11C2DCD7831A140A -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120415-005624-00.hdmp

< MD5 for: IEXPLORE.EXE.20120415-170611-00.HDMP >
[2012/04/15 13:06:14 | 005,760,621 | ---- | M] () MD5=47D27958EC065B4E406D327897FB527F -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120415-170611-00.hdmp

< MD5 for: IEXPLORE.EXE.20120415-190207-00.HDMP >
[2012/04/15 15:02:08 | 004,895,483 | ---- | M] () MD5=31455F4E281B23FBC24F334BCB786868 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120415-190207-00.hdmp

< MD5 for: IEXPLORE.EXE.20120416-221911-00.HDMP >
[2012/04/16 18:19:14 | 066,354,636 | ---- | M] () MD5=A49FEC903CA66EF601AF94C993CD6A25 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120416-221911-00.hdmp

< MD5 for: IEXPLORE.EXE.20120417-195735-00.HDMP >
[2012/04/17 15:57:36 | 003,755,088 | ---- | M] () MD5=D4C47D86116513F01E0DE0F130287FA0 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120417-195735-00.hdmp

< MD5 for: IEXPLORE.EXE.20120417-205807-00.HDMP >
[2012/04/17 16:58:09 | 004,768,148 | ---- | M] () MD5=31BD9C09AB41B641F5E93490622CBD37 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120417-205807-00.hdmp

< MD5 for: IEXPLORE.EXE.20120418-231829-00.HDMP >
[2012/04/18 19:18:31 | 005,158,988 | ---- | M] () MD5=EB1A7F9BB3429B120C52655574F6FC63 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120418-231829-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003217-00.HDMP >
[2012/04/18 20:32:20 | 028,412,148 | ---- | M] () MD5=ABCFC04C679AE52F2C2F883B8ACA2FD4 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003217-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003220-00.HDMP >
[2012/04/18 20:32:22 | 023,110,752 | ---- | M] () MD5=EBF771652E7238F89F980F27A45C4674 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003220-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003222-00.HDMP >
[2012/04/18 20:32:24 | 023,114,748 | ---- | M] () MD5=BFAE73FC417420C71B1215FEB1BBD82D -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003222-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003224-00.HDMP >
[2012/04/18 20:32:26 | 023,118,744 | ---- | M] () MD5=8FB475EB75DFD19025D4F08B780F8163 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003224-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003226-00.HDMP >
[2012/04/18 20:32:27 | 023,122,740 | ---- | M] () MD5=676627949D33DA56784F63DC1C98C4E0 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003226-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003227-00.HDMP >
[2012/04/18 20:32:29 | 023,126,736 | ---- | M] () MD5=4237D2E8314F45E87B5EA49BF88B5780 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003227-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003229-00.HDMP >
[2012/04/18 20:32:32 | 023,130,732 | ---- | M] () MD5=247F37F045B1BCBCA91E5FAA63BFD75F -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003229-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003232-00.HDMP >
[2012/04/18 20:32:36 | 023,134,728 | ---- | M] () MD5=1C3C1C0AC6620410AF27704620474B16 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003232-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003236-00.HDMP >
[2012/04/18 20:32:40 | 023,155,092 | ---- | M] () MD5=8CC9A5D662F7565A6C1D4566B31A889A -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003236-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003240-00.HDMP >
[2012/04/18 20:32:42 | 023,157,796 | ---- | M] () MD5=0C2FAF782D29B6259F224B71039457E2 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003240-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003242-00.HDMP >
[2012/04/18 20:32:44 | 023,161,792 | ---- | M] () MD5=00A73DA855B2129AFFEC49503ED7F2B0 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003242-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003244-00.HDMP >
[2012/04/18 20:32:45 | 023,165,788 | ---- | M] () MD5=F54DA30F7794DD55013820CB335FD2FE -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003244-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003245-00.HDMP >
[2012/04/18 20:32:47 | 023,169,784 | ---- | M] () MD5=D211A582A7100C1F63DED176BF646385 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003245-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003247-00.HDMP >
[2012/04/18 20:32:49 | 023,177,876 | ---- | M] () MD5=68CAF2BE38824D41D1DCCA75FA22542E -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003247-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003249-00.HDMP >
[2012/04/18 20:32:50 | 023,185,968 | ---- | M] () MD5=0344D7AFA41A59C06A7E40DBFBA0BF90 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003249-00.hdmp

< MD5 for: IEXPLORE.EXE.20120419-003250-00.HDMP >
[2012/04/18 20:32:52 | 023,194,060 | ---- | M] () MD5=94AF3D010602231D3A96AE0530FCDB29 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\iexplore.exe.20120419-003250-00.hdmp
 
Hi mrclark,

Please read through these instructions to familiarize yourself with what to expect when this tool runs.


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
here it is, thanks

ComboFix 12-04-22.01 - Administrator 04/22/2012 14:38:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2579 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Recent\Thumbs.db
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\dabebdbdaafdct.exe
c:\documents and settings\All Users\Application Data\iiaraaa.tmp
C:\install.exe
c:\program files\270.61-desktop-winxp-32bit-english-whql.exe
c:\program files\285.58-desktop-winxp-32bit-english-whql.exe
c:\program files\avg_free_stb_all_2011_1136_upgrade.exe
c:\program files\iexplorer
c:\program files\iexplorer\AxInterop.QTOControlLib.dll
c:\program files\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files\iexplorer\iExplorer.exe
c:\program files\iexplorer\Interop.QTOControlLib.dll
c:\program files\iexplorer\Interop.QTOLibrary.dll
c:\program files\iexplorer\isxdl.dll
c:\program files\iexplorer\MPCrashReporter.dll
c:\program files\iexplorer\MPUpdater.dll
c:\program files\iexplorer\msvcr71.dll
c:\program files\iexplorer\PodPhone2.dll
c:\program files\iexplorer\unins000.dat
c:\program files\iexplorer\unins000.exe
c:\program files\iexplorer\unins000.msg
c:\windows\expl.dat
c:\windows\system32\dllc.dat
c:\windows\system32\SET5C.tmp
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-18 22:46 . 2012-04-18 22:47 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2012-04-17 21:54 . 2012-04-17 21:54 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-16 23:26 . 2012-04-16 23:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-16 23:21 . 2012-04-16 23:21 -------- d-----w- c:\program files\HitmanPro
2012-04-16 23:20 . 2012-04-16 23:20 -------- d-----w- c:\program files\New Folder
2012-04-16 01:48 . 2012-04-16 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-15 19:19 . 2012-04-15 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-15 19:19 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-04-15 19:19 . 2012-04-15 19:20 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-04-15 19:17 . 2012-04-15 19:17 325200 ----a-w- c:\program files\spybotsd-2.exe
2012-04-15 00:32 . 2012-04-15 00:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-04-15 00:31 . 2012-04-15 00:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-04-09 01:25 . 2012-04-09 01:25 -------- d-----w- c:\program files\iPod
2012-04-08 02:10 . 2012-04-14 00:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-24 22:15 . 2012-03-24 22:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 17:26 . 2010-09-06 04:46 17488 ----a-w- c:\windows\gdrv.sys
2012-04-22 00:11 . 2010-09-06 20:53 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-04-22 00:10 . 2010-09-06 20:53 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-04-22 00:10 . 2010-09-06 20:52 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-04-18 22:50 . 2010-09-06 20:52 234536 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-04-14 00:56 . 2011-05-14 23:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 21:55 . 2010-11-06 16:50 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2012-03-24 21:54 . 2010-11-06 16:47 34226736 ----a-w- c:\program files\nmsetup.exe
2012-03-01 11:01 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 09:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 09:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 09:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec
2012-02-25 23:41 . 2010-09-13 16:54 69316464 ----a-w- c:\program files\iTunesSetup.exe
2012-02-15 15:01 . 2010-09-13 16:56 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2010-09-13 16:56 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 05:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-20 02:00 . 2012-01-20 02:00 3147344 ----a-w- c:\program files\iExplorer_Setup.exe
2012-01-08 00:26 . 2011-12-22 22:43 39401336 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-11-01 22:16 . 2011-11-01 22:16 63084671 ----a-w- c:\program files\c4demo.exe
2011-09-28 22:35 . 2011-09-28 22:35 3815360 ----a-w- c:\program files\battlelog-web-plugins-0.80.0-retail-ob.exe
2011-09-21 21:23 . 2011-09-21 21:23 47963312 ----a-w- c:\program files\OriginSetup.exe
2011-06-12 20:48 . 2010-10-08 00:09 589640 ----a-w- c:\program files\GoogleEarthSetup.exe
2011-06-05 00:48 . 2011-06-05 00:48 291539 ----a-w- c:\program files\cputhermometer_setup.exe
2011-03-21 21:57 . 2011-03-21 21:36 38191344 ----a-w- c:\program files\AVSAudioEditor.exe
2011-03-21 21:41 . 2011-03-21 21:36 150895952 ----a-w- c:\program files\AVSVideoEditor.exe
2010-10-16 20:10 . 2010-10-16 20:10 2129648 ----a-w- c:\program files\fraps.exe
2010-10-11 02:55 . 2010-10-11 02:55 874272 ----a-w- c:\program files\JavaSetup6u21.exe
2010-09-06 22:53 . 2010-09-06 22:52 2133536 ----a-w- c:\program files\avg_free_stb_all_9_115_cnet.exe
2010-09-06 18:53 . 2010-09-06 18:52 1364522 ----a-w- c:\program files\winrar-x64-393.exe
2010-09-06 07:18 . 2010-09-06 07:18 1588224 ----a-w- c:\program files\SteamInstall.msi
2010-09-06 05:30 . 2010-09-06 05:30 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-06-04 16:27 . 2011-04-23 17:14 44048 ----a-w- c:\program files\EVGAPrecisionWrapper.exe
2008-06-04 16:27 . 2011-04-23 17:14 203792 ----a-w- c:\program files\EVGAPrecision.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . E12A7DF6EFB606316DBC801C473F1FE7 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . E5900F36F2BD2335433334B56ECA9FDD . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . 86B13BD2DAC4D331B0B6406E632AB086 . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"CPUThermometer"="c:\documents and settings\Administrator\Desktop\CPU Thermometer\CPUThermometer.exe" [2011-01-14 127488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-06-04 203792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-9-6 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\EFLC.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJackLoader.exe"=
"c:\\Program Files\\Steam\\steamapps\\hicks439\\half-life 2 lostcoast\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\forgottenhope2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\LaunchEFLC.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medal of honor\\Binaries\\moh.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medal of honor\\MP\\mohmpgame.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medal of honor\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\battle los angeles\\bin\\BattleLA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hydrophobia\\HydroPC.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crysis 2\\bin32\\Crysis2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crysis 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Battlelog Web Plugins\\Sonar\\0.70.0\\SonarHost.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dcs a10c warthog trailer\\smp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\driver san francisco\\Driver.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman2\\Binaries\\Win32\\BatmanAC.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman2\\RunLauncher.bat"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sniper ghost warrior\\Sniper_x86.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFiles.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\microsoft flight\\Flight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5sp.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [9/6/2010 12:39 AM 19496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/15/2009 5:06 PM 223464]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [9/6/2010 3:34 AM 68136]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4/23/2011 1:24 PM 2253120]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/15/2012 3:19 PM 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/15/2012 3:19 PM 1185704]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 2:39 PM 4608]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [9/6/2010 3:39 AM 30392]
R3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\Administrator\Local Settings\Temp\tmp4.tmp --> c:\documents and settings\Administrator\Local Settings\Temp\tmp4.tmp [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/7/2010 8:09 PM 136176]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [4/16/2012 7:21 PM 105288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 10:10 PM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/6/2010 3:37 AM 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [9/6/2010 1:06 AM 17488]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/7/2010 8:09 PM 136176]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [9/6/2010 12:47 AM 24944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO35
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - hitmanpro35
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 00:56]
.
2012-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-04-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-04-15 21:19]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 00:09]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 00:09]
.
2012-03-09 c:\windows\Tasks\PC Unleashed Defrag.job
- c:\program files\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]
.
2012-04-21 c:\windows\Tasks\PC Unleashed Registration3.job
- c:\program files\Common Files\PC Unleashed Online\UUS3\UUS3.dll [2011-09-06 18:27]
.
2012-03-09 c:\windows\Tasks\PC Unleashed Update Version3.job
- c:\program files\Common Files\PC Unleashed Online\UUS3\Update3.exe [2011-09-06 18:27]
.
2012-04-04 c:\windows\Tasks\PC Unleashed.job
- c:\program files\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]
.
2012-04-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-04-15 21:19]
.
2012-04-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-04-15 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-dabebdbdaafdct - c:\documents and settings\All Users\Application Data\dabebdbdaafdct.exe
HKU-Default-Run-dabebdbdaafdct - c:\documents and settings\All Users\Application Data\dabebdbdaafdct.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-BattlEye - c:\program files\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-N.A.W 6..0 MAP Pack 16.0 - c:\program files\EA GAMES\Battlefield 2\mods\naw\Uninstall\MP1\N.A.W
AddRemove-N.A.W 6..0 MAP Pack 26.0 - c:\program files\EA GAMES\Battlefield 2\mods\naw\Uninstall\MP1\N.A.W
AddRemove-N.A.W 6..0 MAP Pack 36.0 - c:\program files\EA GAMES\Battlefield 2\mods\naw\Uninstall\MP1\N.A.W
AddRemove-N.A.W 6..0 MAP Pack 46.0 - c:\program files\EA GAMES\Battlefield 2\mods\naw\Uninstall\MP1\N.A.W
AddRemove-Nations at War6.0 - c:\program files\EA GAMES\Battlefield 2\mods\\naw\\Uninstall\MOD\N.A.W
AddRemove-Precision - c:\program files\EVGA Precision\uninstall.exe
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files\iExplorer\unins000.exe
AddRemove-XWW2_BF2_1.0 - 0:\program files\EA GAMES\Battlefield 2\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinRing0_1_2_0]
"ImagePath"="\??\c:\documents and settings\Administrator\Local Settings\Temp\tmp4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,6f,f1,63,32,e5,bc,45,89,bf,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,6f,f1,63,32,e5,bc,45,89,bf,b0,\
.
[HKEY_USERS\S-1-5-21-682003330-308236825-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,85,47,9d,ef,52,ba,43,a7,e7,2e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,45,f0,cc,f9,29,c5,4d,9e,6c,27,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,45,f0,cc,f9,29,c5,4d,9e,6c,27,\
.
[HKEY_USERS\S-1-5-21-682003330-308236825-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:b0,92,5d,7f,74,6f,64,2e,f2,07,94,8b,39,bb,2f,90,78,3b,d3,9a,b3,5d,1c,
d7,63,8c,72,e2,a3,26,59,a8,a9,72,5e,5c,4e,6e,f4,6b,47,95,f8,a3,84,f4,45,d6,\
"??"=hex:c4,eb,46,72,21,b0,9f,a8,fb,ea,d5,9e,97,df,e4,ec
.
[HKEY_USERS\S-1-5-21-682003330-308236825-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,7b,fd,ac,4f,c5,c9,f4,5d,c1,a0,60,c9,eb,52,4d,56,24,fb,5a,d1,
17,90,ad,ab,dc,f9,37,74,6f,14,fa,8c,a3,79,44,ab,2c,97,e2,17,7f,81,1f,c8,91,\
"rkeysecu"=hex:4b,4a,a7,ae,b5,00,e9,fc,cc,f3,a7,43,b2,51,a3,50
.
Completion time: 2012-04-22 14:52:06
ComboFix-quarantined-files.txt 2012-04-22 18:51
.
Pre-Run: 365,579,255,808 bytes free
Post-Run: 366,892,163,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
[spybotsd]
timeout.old=30
.
- - End Of File - - 42D9BD6962B227C84464713D20E4B8C1
 
Hi mrclark,


Please go to Virustotal. Please submit these files for analysis.

Copy and paste (or use the Choose File button to browse to the files) the following into the Choose File box (one at a time if more than one file is listed):

c:\windows\system32\winlogon.exe
c:\windows\system32\svchost.exe
c:\windows\explorer.exe


Click the Scan it button. Wait for the results and post them in your next reply.

If it says the file has already been analysed, click reanalyse.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also, please make sure each result is clearly identified as to which sample it belongs to.
 
Hi, here's the first one from the list, winlogon.exe:

SHA256: 24d7e2103df54af70e8a65dced36a4d67e2fa0354a58e1aeda09aa340074c058
SHA1: 640e1a59d0b9688acc52e376a7c441260b1b08c6
MD5: e12a7df6efb606316dbc801c473f1fe7
File size: 532.5 KB ( 545280 bytes )
File name: C:\WINDOWS\system32\winlogon.exe
File type: Win32 EXE
Detection ratio: 9 / 42
Analysis date: 2012-04-23 00:46:27 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120422
AntiVir - 20120422
Antiy-AVL Trojan/Win32.Patched.gen 20120422
Avast - 20120422
AVG - 20120422
BitDefender - 20120423
ByteHero - 20120417
CAT-QuickHeal - 20120420
ClamAV Trojan.Agent-278170 20120422
Commtouch - 20120422
Comodo - 20120422
DrWeb - 20120423
Emsisoft Trojan.Patched!IK 20120423
eSafe - 20120419
eTrust-Vet - 20120421
F-Prot - 20120422
F-Secure - 20120422
Fortinet - 20120422
GData - 20120423
Ikarus Trojan.Patched 20120423
Jiangmin - 20120422
K7AntiVirus - 20120420
Kaspersky - 20120423
McAfee Artemis!E12A7DF6EFB6 20120423
McAfee-GW-Edition Artemis!E12A7DF6EFB6 20120422
Microsoft - 20120422
NOD32 - 20120423
Norman - 20120422
nProtect - 20120422
Panda - 20120422
PCTools - 20120423
Rising Trojan.Win32.Generic.12ADFFB3 20120420
Sophos - 20120422
SUPERAntiSpyware - 20120402
Symantec - 20120423
TheHacker - 20120422
TrendMicro PE_BAMITAL.SME 20120422
TrendMicro-HouseCall PE_BAMITAL.SME 20120423
VBA32 - 20120422
VIPRE - 20120422
ViRobot - 20120422
VirusBuster - 20120422

Additional information
ssdeep
6144:ENZlxEdL5RvGlcHF37newMLao6nfnKHOD13XRnCfOVSePfLtisgZYls83Dm:Ddz+lcDKao6nfKHsRqOMgxZgWD
TrID
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)

ExifTool
UninitializedDataSize....: 0
InitializedDataSize......: 57856
ImageVersion.............: 21315.20512
ProductName..............: Microsoft Windows Operating System
FileVersionNumber........: 5.1.2600.5512
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
FileDescription..........: Windows NT Logon Application
CharacterSet.............: Unicode
LinkerVersion............: 7.1
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 5.1.2600.5512 (xpsp.080413-2113)
TimeStamp................: 2008:04:13 14:43:44+02:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: winlogon
ProductVersion...........: 5.1.2600.5512
SubsystemVersion.........: 4.0
OSVersion................: 5.1
OriginalFilename.........: WINLOGON.EXE
LegalCopyright...........: Microsoft Corporation. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 461312
FileSubtype..............: 0
ProductVersionNumber.....: 5.1.2600.5512
EntryPoint...............: 0x3e5e1
ObjectFileType...........: Executable application

Sigcheck
publisher................: Microsoft Corporation
product..................: Microsoft_ Windows_ Operating System
internal name............: winlogon
copyright................: (c) Microsoft Corporation. All rights reserved.
original name............: WINLOGON.EXE
file version.............: 5.1.2600.5512 (xpsp.080413-2113)
description..............: Windows NT Logon Application

Portable Executable structural information
Compilation timedatestamp.....: 2008-04-13 12:43:44
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0003E5E1

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 461201 461312 6.82 41b65e581e86359983610db8fa403c24
.data 466944 45168 45568 6.25 80d12c8cf6321f352d6fae58fd012c01
.rsrc 516096 36896 37376 3.62 2125d2aebebda4c2fcf377ebf03d5275

PE Imports....................:

Symantec Reputation
Suspicious.Insight
F-Secure Deepguard
Suspicious:W32/Malware!Gemini
First seen by VirusTotal
2012-04-21 23:02:00 UTC ( 1 day, 1 hour ago )
Last seen by VirusTotal
2012-04-23 00:46:27 UTC ( 10 minutes ago )
File names (max. 25)
1.C:\WINDOWS\system32\winlogon.exe
2.winlogon.exe
 
Then the svchost.exe:

SHA256: 698d0d08a9a2b2a817820da920eabdb84c85d18e4d1ca12c2f2f318137ff6c38
SHA1: cd12207c5fdc8aea0fe9273992501e9f94d57955
MD5: e5900f36f2bd2335433334b56eca9fdd
File size: 39.0 KB ( 39936 bytes )
File name: C:\WINDOWS\system32\svchost.exe
File type: Win32 EXE
Detection ratio: 5 / 42
Analysis date: 2012-04-23 01:04:16 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120422
AntiVir TR/Crypt.XPACK.Gen 20120422
Antiy-AVL - 20120422
Avast - 20120423
AVG - 20120422
BitDefender - 20120423
ByteHero - 20120417
CAT-QuickHeal - 20120420
ClamAV - 20120422
Commtouch - 20120422
Comodo - 20120422
DrWeb - 20120423
Emsisoft Trojan.Patched!IK 20120423
eSafe - 20120419
eTrust-Vet - 20120421
F-Prot - 20120422
F-Secure - 20120422
Fortinet - 20120422
GData - 20120423
Ikarus Trojan.Patched 20120423
Jiangmin - 20120422
K7AntiVirus - 20120420
Kaspersky - 20120423
McAfee - 20120423
McAfee-GW-Edition - 20120422
Microsoft - 20120422
NOD32 - 20120423
Norman - 20120422
nProtect - 20120422
Panda - 20120422
PCTools - 20120423
Rising - 20120420
Sophos - 20120422
SUPERAntiSpyware - 20120402
Symantec - 20120423
TheHacker - 20120422
TrendMicro PE_BAMITAL.SME 20120422
TrendMicro-HouseCall PE_BAMITAL.SME 20120423
VBA32 - 20120422
VIPRE - 20120422
ViRobot - 20120422
VirusBuster - 20120422

Additional information
ssdeep
768:vNcG6xlCRaJvGOA7SoUWKCPIcv1EcLWiaQm+NFqNeXZUCa16lqsqoBJ:VcG6y+zKSPYAs3Dm+N6eXZe6lWoBJ
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool
UninitializedDataSize....: 0
InitializedDataSize......: 2560
ImageVersion.............: 5.1
ProductName..............: Microsoft Windows Operating System
FileVersionNumber........: 5.1.2600.5512
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
FileDescription..........: Generic Host Process for Win32 Services
CharacterSet.............: Unicode
LinkerVersion............: 7.1
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 5.1.2600.5512 (xpsp.080413-2111)
TimeStamp................: 2008:04:13 14:43:44+02:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: svchost.exe
ProductVersion...........: 5.1.2600.5512
SubsystemVersion.........: 4.0
OSVersion................: 5.1
OriginalFilename.........: svchost.exe
LegalCopyright...........: Microsoft Corporation. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 11264
FileSubtype..............: 0
ProductVersionNumber.....: 5.1.2600.5512
EntryPoint...............: 0x2509
ObjectFileType...........: Executable application

Sigcheck
publisher................: Microsoft Corporation
product..................: Microsoft_ Windows_ Operating System
internal name............: svchost.exe
copyright................: (c) Microsoft Corporation. All rights reserved.
original name............: svchost.exe
file version.............: 5.1.2600.5512 (xpsp.080413-2111)
description..............: Generic Host Process for Win32 Services

Portable Executable structural information
Compilation timedatestamp.....: 2008-04-13 12:43:44
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00002509

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 11264 11264 6.29 f634bdf114ad9a7ea08d94ae43ccbe3c
.data 16384 25616 26112 7.83 c2d36bf458fb470feadb0a2f4d73fb1b
.rsrc 45056 1032 1536 2.51 0ce411030b6d3ec8e6dd25d861233cc9

PE Imports....................:

Symantec Reputation
Suspicious.Insight
First seen by VirusTotal
2012-04-21 22:54:06 UTC ( 1 day, 2 hours ago )
Last seen by VirusTotal
2012-04-23 01:04:16 UTC ( 5 minutes ago )
File names (max. 25)
1.C:\WINDOWS\system32\svchost.exe
2.svchost.exe
 
And the last one, explorer.exe:


SHA256: 8980a1865acb1dcdc73498674e9cd690a87f43396ef68bd19e481005b1afeaeb
SHA1: fa11ed8508e72405fe37256f09e30f56b003be8d
MD5: 86b13bd2dac4d331b0b6406e632ab086
File size: 1.0 MB ( 1058816 bytes )
File name: C:\WINDOWS\explorer.exe
File type: Win32 EXE
Detection ratio: 5 / 42
Analysis date: 2012-04-23 01:13:23 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120422
AntiVir TR/Crypt.XPACK.Gen 20120422
Antiy-AVL - 20120422
Avast - 20120423
AVG - 20120422
BitDefender - 20120423
ByteHero - 20120417
CAT-QuickHeal - 20120420
ClamAV - 20120422
Commtouch - 20120422
Comodo - 20120422
DrWeb - 20120423
Emsisoft - 20120423
eSafe Win32.TRCrypt.XPACK 20120419
eTrust-Vet - 20120421
F-Prot - 20120422
F-Secure - 20120422
Fortinet - 20120422
GData - 20120423
Ikarus - 20120423
Jiangmin - 20120422
K7AntiVirus - 20120420
Kaspersky - 20120423
McAfee - 20120423
McAfee-GW-Edition - 20120422
Microsoft - 20120422
NOD32 - 20120423
Norman - 20120422
nProtect - 20120422
Panda - 20120422
PCTools - 20120423
Rising Trojan.Win32.Generic.12ADF86E 20120420
Sophos - 20120422
SUPERAntiSpyware - 20120402
Symantec - 20120423
TheHacker - 20120422
TrendMicro PE_BAMITAL.SME 20120422
TrendMicro-HouseCall PE_BAMITAL.SME 20120423
VBA32 - 20120422
VIPRE - 20120422
ViRobot - 20120423
VirusBuster - 20120422

Additional information
ssdeep
24576:2mftyEwAvN7lrvbkf8w0VnH1/g/J/kD2:2micN7Bbkf8THH2
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool
UninitializedDataSize....: 0
InitializedDataSize......: 752128
ImageVersion.............: 5.1
ProductName..............: Microsoft Windows Operating System
FileVersionNumber........: 6.0.2900.5512
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
FileDescription..........: Windows Explorer
CharacterSet.............: Unicode
LinkerVersion............: 7.1
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 6.00.2900.5512 (xpsp.080413-2105)
TimeStamp................: 2008:04:13 14:43:44+02:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: explorer
ProductVersion...........: 6.00.2900.5512
SubsystemVersion.........: 4.1
OSVersion................: 5.1
OriginalFilename.........: EXPLORER.EXE
LegalCopyright...........: Microsoft Corporation. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 282112
FileSubtype..............: 0
ProductVersionNumber.....: 6.0.2900.5512
EntryPoint...............: 0x1a55f
ObjectFileType...........: Executable application

Sigcheck
publisher................: Microsoft Corporation
product..................: Microsoft_ Windows_ Operating System
internal name............: explorer
copyright................: (c) Microsoft Corporation. All rights reserved.
original name............: EXPLORER.EXE
file version.............: 6.00.2900.5512 (xpsp.080413-2105)
description..............: Windows Explorer

Portable Executable structural information
Compilation timedatestamp.....: 2008-04-13 12:43:44
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0001A55F

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 281609 282112 6.38 f26eeac76bcf10cad2a0cd98fe3c0cbc
.data 286720 7604 6144 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 294912 754792 755200 6.70 57f6ae51d22a70d52e8a52de88acea30
.reloc 1052672 14156 14336 6.78 8ab3b57351c95c8d78540008b9a707bc

PE Imports....................:

RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW

OLEAUT32.dll
-, -
Symantec Reputation
Suspicious.Insight
F-Secure Deepguard
Suspicious:W32/Malware!Gemini
First seen by VirusTotal
2012-04-12 09:13:50 UTC ( 1 week, 3 days ago )
Last seen by VirusTotal
2012-04-23 01:13:23 UTC ( 3 minutes ago )
File names (max. 25)
1.C:\WINDOWS\explorer.exe
2.explorer.exe
 
Hi mrclark,

Please confirm it is a retail copy of XP. What drive letter does the computer see the CD rom as?

Are any of the original symptoms still present?

Let's see if combofix can find us a copy of the files.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:
SRPEEK::
c:\windows\system32\winlogon.exe
c:\windows\system32\svchost.exe
c:\windows\explorer.exe

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif


Please post the combofix log.
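The SRPEEK:: script above asks ComboFix to report on the three listed system files, and the log that comes back carries a Sigcheck line per file (date, MD5, size, version, path), an "is infected!!" line per file it objects to, and a SnapShot section of "+"/"-" lines comparing the current run with the previous one. As an added example (not part of this thread and not ComboFix's own code), the Python below parses those three line shapes into records and cross-references them, so the flagged files and their hashes can be pulled out of a long log without reading it by hand. The regular expressions were written from the line shapes visible in the log posted in this thread, and the sample input is copied from that log; other ComboFix versions may format lines differently, and the "[-]" flag is kept as text rather than interpreted, since the log itself notes that unsigned files are not necessarily malware.

```python
"""Parse the Sigcheck, 'is infected!!' and SnapShot sections of a ComboFix log.

Added example for this thread; not ComboFix's own code. The regexes were
derived from the line shapes in the posted log and are an assumption about
the format, not a specification.
"""
import re
from typing import Dict, List

# "[-] 2008-04-14 . <MD5> . <size> . . [<version>] . . <path>"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# "<path> . . . is infected!!"
INFECTED_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\s+\.\s+\.\s+is infected!!\s*$")
# "+ <created> . <modified> <size> <path>"; '+' = present in this run, '-' = present in the earlier one
SNAPSHOT_RE = re.compile(
    r"^(?P<sign>[+-])\s+(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<path>\S.*?)\s*$"
)

# Sample input copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . E12A7DF6EFB606316DBC801C473F1FE7 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . E5900F36F2BD2335433334B56ECA9FDD . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . 86B13BD2DAC4D331B0B6406E632AB086 . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
+ 2012-04-25 11:42 . 2012-04-25 11:42 16384 c:\windows\Temp\Perflib_Perfdata_d2c.dat
- 2012-04-15 00:59 . 2012-04-18 23:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-15 00:59 . 2012-04-25 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
"""


def parse_combofix(text: str) -> Dict[str, list]:
    """Split a log into Sigcheck records, infected paths and snapshot entries."""
    report: Dict[str, list] = {"sigcheck": [], "infected": [], "snapshot": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SIGCHECK_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()  # normalise hash case for later lookups
            report["sigcheck"].append(rec)
            continue
        m = INFECTED_RE.match(line)
        if m:
            report["infected"].append(m.group("path"))
            continue
        m = SNAPSHOT_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            report["snapshot"].append(rec)
    return report


def flagged_files(report: Dict[str, list]) -> List[dict]:
    """Sigcheck records whose path also appears on an 'is infected!!' line.

    Windows paths are case-insensitive, so the join is done on lowercased paths.
    """
    infected = {p.lower() for p in report["infected"]}
    return [rec for rec in report["sigcheck"] if rec["path"].lower() in infected]


def snapshot_changes(report: Dict[str, list]) -> Dict[str, List[str]]:
    """Classify snapshot lines: a path with both a '-' and a '+' line changed in place."""
    before = {r["path"].lower() for r in report["snapshot"] if r["sign"] == "-"}
    after = {r["path"].lower() for r in report["snapshot"] if r["sign"] == "+"}
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "modified": sorted(after & before),
    }


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for rec in flagged_files(parsed):
        print(f"{rec['path']}  md5={rec['md5']}  size={rec['size']}  version={rec['version']}")
    print(snapshot_changes(parsed))
```

The MD5 and size columns are the values worth keeping from such a log: they are what a helper compares against a known-good copy of the same file version before deciding whether a replacement is needed, and the "modified" list from the snapshot diff shows which files changed between two ComboFix runs.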
Hi, I am noticing a definite difference: the redirect is gone, so we're on the right track, that's for sure, so thank you very very much.

Here's the log file

ComboFix 12-04-22.01 - Administrator 04/25/2012 18:20:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2347 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-18 22:46 . 2012-04-18 22:47 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2012-04-17 21:54 . 2012-04-17 21:54 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-16 23:26 . 2012-04-16 23:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-16 23:21 . 2012-04-16 23:21 -------- d-----w- c:\program files\HitmanPro
2012-04-16 23:20 . 2012-04-16 23:20 -------- d-----w- c:\program files\New Folder
2012-04-16 01:48 . 2012-04-16 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-15 19:19 . 2012-04-15 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-15 19:19 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-04-15 19:19 . 2012-04-15 19:20 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-04-15 19:17 . 2012-04-15 19:17 325200 ----a-w- c:\program files\spybotsd-2.exe
2012-04-15 00:32 . 2012-04-15 00:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-04-15 00:31 . 2012-04-15 00:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-04-09 01:25 . 2012-04-09 01:25 -------- d-----w- c:\program files\iPod
2012-04-08 02:10 . 2012-04-14 00:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 11:42 . 2010-09-06 04:46 17488 ----a-w- c:\windows\gdrv.sys
2012-04-25 00:13 . 2010-09-06 20:53 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-04-25 00:11 . 2010-09-06 20:53 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-04-25 00:11 . 2010-09-06 20:52 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-04-24 00:46 . 2010-09-06 20:52 234536 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-04-14 00:56 . 2011-05-14 23:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 21:55 . 2010-11-06 16:50 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2012-03-24 21:54 . 2010-11-06 16:47 34226736 ----a-w- c:\program files\nmsetup.exe
2012-03-01 11:01 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 09:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 09:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 09:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec
2012-02-25 23:41 . 2010-09-13 16:54 69316464 ----a-w- c:\program files\iTunesSetup.exe
2012-02-15 15:01 . 2010-09-13 16:56 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2010-09-13 16:56 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 05:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-20 02:00 . 2012-01-20 02:00 3147344 ----a-w- c:\program files\iExplorer_Setup.exe
2012-01-08 00:26 . 2011-12-22 22:43 39401336 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-11-01 22:16 . 2011-11-01 22:16 63084671 ----a-w- c:\program files\c4demo.exe
2011-09-28 22:35 . 2011-09-28 22:35 3815360 ----a-w- c:\program files\battlelog-web-plugins-0.80.0-retail-ob.exe
2011-09-21 21:23 . 2011-09-21 21:23 47963312 ----a-w- c:\program files\OriginSetup.exe
2011-06-12 20:48 . 2010-10-08 00:09 589640 ----a-w- c:\program files\GoogleEarthSetup.exe
2011-06-05 00:48 . 2011-06-05 00:48 291539 ----a-w- c:\program files\cputhermometer_setup.exe
2011-03-21 21:57 . 2011-03-21 21:36 38191344 ----a-w- c:\program files\AVSAudioEditor.exe
2011-03-21 21:41 . 2011-03-21 21:36 150895952 ----a-w- c:\program files\AVSVideoEditor.exe
2010-10-16 20:10 . 2010-10-16 20:10 2129648 ----a-w- c:\program files\fraps.exe
2010-10-11 02:55 . 2010-10-11 02:55 874272 ----a-w- c:\program files\JavaSetup6u21.exe
2010-09-06 22:53 . 2010-09-06 22:52 2133536 ----a-w- c:\program files\avg_free_stb_all_9_115_cnet.exe
2010-09-06 18:53 . 2010-09-06 18:52 1364522 ----a-w- c:\program files\winrar-x64-393.exe
2010-09-06 07:18 . 2010-09-06 07:18 1588224 ----a-w- c:\program files\SteamInstall.msi
2010-09-06 05:30 . 2010-09-06 05:30 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-06-04 16:27 . 2011-04-23 17:14 44048 ----a-w- c:\program files\EVGAPrecisionWrapper.exe
2008-06-04 16:27 . 2011-04-23 17:14 203792 ----a-w- c:\program files\EVGAPrecision.exe
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . E12A7DF6EFB606316DBC801C473F1FE7 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . E5900F36F2BD2335433334B56ECA9FDD . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . 86B13BD2DAC4D331B0B6406E632AB086 . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-04-22_18.48.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-25 11:42 . 2012-04-25 11:42 16384 c:\windows\Temp\Perflib_Perfdata_d2c.dat
+ 2012-04-25 11:42 . 2012-04-25 11:42 16384 c:\windows\Temp\Perflib_Perfdata_bcc.dat
+ 2012-04-23 00:40 . 2012-04-23 00:45 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F5EDF233-8CDC-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 18:57 . 2012-04-22 18:58 86528 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F22F6463-8CAC-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-24 19:15 . 2012-04-24 19:15 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E1D8FAA5-8E41-11E1-91EB-1C6F652BCBB1}.dat
+ 2012-04-24 00:03 . 2012-04-24 00:06 14848 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E060FF46-8DA0-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-24 00:03 . 2012-04-24 00:06 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E060FF45-8DA0-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 00:40 . 2012-04-23 00:45 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DCB7F485-8CDC-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 21:32 . 2012-04-23 21:33 25600 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CDA7D74D-8D8B-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-22 22:02 . 2012-04-22 22:02 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C842D769-8CC6-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 19:23 . 2012-04-22 19:24 22016 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AE8D0C01-8CB0-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 00:38 . 2012-04-23 00:45 31232 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9964AD17-8CDC-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 21:53 . 2012-04-22 22:00 37888 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{916EA403-8CC5-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 22:05 . 2012-04-23 22:12 67584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7E0BEE8B-8D90-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 00:44 . 2012-04-23 00:45 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7344518D-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 00:43 . 2012-04-23 00:45 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{51BADD8D-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 00:43 . 2012-04-23 00:45 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{51BADD8C-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 21:14 . 2012-04-23 21:20 76800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{50174009-8D89-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-22 19:35 . 2012-04-22 19:35 29184 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3EF6BB11-8CB2-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-24 00:05 . 2012-04-24 00:06 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3E2C21DA-8DA1-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-24 19:53 . 2012-04-24 19:54 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{385E2D0F-8E47-11E1-91EB-1C6F652BCBB1}.dat
+ 2012-04-23 00:42 . 2012-04-23 00:45 21504 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3439C3CE-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 21:27 . 2012-04-23 21:27 30208 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{27950A39-8D8B-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 00:42 . 2012-04-23 00:45 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1E37EF11-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 18:58 . 2012-04-22 18:58 37376 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1ACA7133-8CAD-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-23 22:10 . 2012-04-23 22:11 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{136980E3-8D91-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-22 20:30 . 2012-04-22 20:37 46592 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0C28389B-8CBA-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-24 00:04 . 2012-04-24 00:06 16896 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{07D6CAD6-8DA1-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 00:41 . 2012-04-23 00:45 27136 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{067D074D-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-25 10:54 . 2012-04-25 10:54 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{046C1363-8EC5-11E1-91EC-1C6F652BCBB1}.dat
- 2012-04-15 00:59 . 2012-04-18 23:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-15 00:59 . 2012-04-25 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-04-15 00:31 . 2012-04-22 18:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2012-04-15 00:31 . 2012-04-25 22:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2012-04-15 00:31 . 2012-04-22 18:37 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-04-15 00:31 . 2012-04-25 22:18 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-04-22 19:35 . 2012-04-23 22:03 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2012-04-18 22:46 . 2012-04-18 22:46 82740 c:\windows\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\UserCache.bin
+ 2012-04-18 22:46 . 2012-04-24 00:03 82740 c:\windows\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\UserCache.bin
+ 2012-04-24 00:06 . 2012-04-25 22:18 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{5EED504D-8DA1-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-25 22:18 . 2012-04-25 22:18 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{910D012E-8F24-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-22 18:50 . 2012-04-22 18:50 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FD847280-8CAB-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-24 19:16 . 2012-04-24 19:16 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F4B29230-8E41-11E1-91EB-1C6F652BCBB1}.dat
+ 2012-04-25 17:12 . 2012-04-25 17:12 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E36D20AE-8EF9-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-25 12:12 . 2012-04-25 12:12 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E355C8D4-8ECF-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-25 10:53 . 2012-04-25 10:53 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E052F8BA-8EC4-11E1-91EC-1C6F652BCBB1}.dat
+ 2012-04-24 19:15 . 2012-04-24 19:15 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{DB0C85FC-8E41-11E1-91EB-1C6F652BCBB1}.dat
+ 2012-04-22 18:49 . 2012-04-22 18:49 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{D4A1DF24-8CAB-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-23 21:32 . 2012-04-23 21:32 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{CDA7D74C-8D8B-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-22 22:02 . 2012-04-22 22:02 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C842D768-8CC6-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-24 19:29 . 2012-04-24 19:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C4161E88-8E43-11E1-91EB-1C6F652BCBB1}.dat
+ 2012-04-22 20:21 . 2012-04-22 20:21 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C0F36BFC-8CB8-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 23:20 . 2012-04-22 23:20 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{BC2F45FA-8CD1-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 19:23 . 2012-04-22 19:23 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{AE8D0C00-8CB0-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-25 22:04 . 2012-04-25 22:04 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9719BA36-8F22-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-22 21:53 . 2012-04-22 21:53 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{916EA402-8CC5-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 18:54 . 2012-04-22 18:58 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8D97CD2C-8CAC-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-23 23:03 . 2012-04-23 23:03 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8A13860E-8D98-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-24 00:00 . 2012-04-24 00:06 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{84E7863C-8DA0-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 22:05 . 2012-04-23 22:12 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7E0BEE8A-8D90-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 21:58 . 2012-04-23 22:05 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7CF2194E-8D8F-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 21:22 . 2012-04-23 21:27 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7B50C162-8D8A-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-22 19:28 . 2012-04-22 19:35 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{686CA07C-8CB1-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 21:14 . 2012-04-23 21:14 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{50174008-8D89-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-25 12:43 . 2012-04-25 12:43 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3D28DE4C-8ED4-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-22 19:49 . 2012-04-22 19:49 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{38FAB286-8CB4-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-25 19:31 . 2012-04-25 19:31 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{345E07F4-8F0D-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-22 22:19 . 2012-04-22 22:19 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{33E11B36-8CC9-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-25 16:32 . 2012-04-25 16:32 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{324C2FEA-8EF4-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-24 19:53 . 2012-04-24 19:53 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{32101508-8E47-11E1-91EB-1C6F652BCBB1}.dat
+ 2012-04-22 18:51 . 2012-04-22 18:51 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{20FDCF9A-8CAC-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-22 20:30 . 2012-04-22 20:30 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0C28389A-8CBA-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 20:45 . 2012-04-22 20:45 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{075D5D0C-8CBC-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-25 10:54 . 2012-04-25 10:54 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{046C1362-8EC5-11E1-91EC-1C6F652BCBB1}.dat
+ 2012-04-22 18:50 . 2012-04-22 18:50 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FD847281-8CAB-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-23 00:41 . 2012-04-23 00:45 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FBE897EE-8CDC-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-24 00:03 . 2012-04-24 00:03 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F506BCAF-8DA0-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-24 19:16 . 2012-04-24 19:16 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F4B29231-8E41-11E1-91EB-1C6F652BCBB1}.dat
+ 2012-04-25 17:12 . 2012-04-25 17:13 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E36D20AF-8EF9-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-25 12:12 . 2012-04-25 12:12 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E355C8D5-8ECF-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-25 10:53 . 2012-04-25 10:53 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E052F8BB-8EC4-11E1-91EC-1C6F652BCBB1}.dat
+ 2012-04-23 00:40 . 2012-04-23 00:45 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DCB7F486-8CDC-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 18:49 . 2012-04-22 18:49 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D4A1DF25-8CAB-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-24 19:29 . 2012-04-24 19:29 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C4161E89-8E43-11E1-91EB-1C6F652BCBB1}.dat
+ 2012-04-22 23:20 . 2012-04-22 23:20 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BC2F45FB-8CD1-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-24 00:01 . 2012-04-24 00:06 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AF8CB607-8DA0-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-25 22:04 . 2012-04-25 22:04 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9719BA37-8F22-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-23 00:45 . 2012-04-23 00:45 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{91167B41-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 23:03 . 2012-04-23 23:03 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90CF4A41-8D98-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 00:44 . 2012-04-23 00:45 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8B0FE9C5-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 00:44 . 2012-04-23 00:45 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{81C9439C-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 22:12 . 2012-04-23 22:12 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{76886491-8D91-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 22:05 . 2012-04-23 22:05 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7353BBE2-8D90-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 22:05 . 2012-04-23 22:05 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7353BBE1-8D90-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 00:44 . 2012-04-23 00:45 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6D4284C5-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 19:35 . 2012-04-22 19:35 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5A2D5254-8CB2-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-24 00:06 . 2012-04-24 00:06 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5525EB28-8DA1-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-25 12:43 . 2012-04-25 12:43 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3D28DE4D-8ED4-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-22 22:19 . 2012-04-22 22:19 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3BD2D114-8CC9-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 19:49 . 2012-04-22 19:49 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{38FAB287-8CB4-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-25 19:31 . 2012-04-25 19:31 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{345E07F5-8F0D-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-23 00:42 . 2012-04-23 00:45 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3439C3CC-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-25 16:32 . 2012-04-25 16:32 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{324C2FEB-8EF4-11E1-91ED-1C6F652BCBB1}.dat
+ 2012-04-22 18:51 . 2012-04-22 18:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{20FDCF9B-8CAC-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-23 22:03 . 2012-04-23 22:03 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2039A4E3-8D90-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 00:41 . 2012-04-23 00:45 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1E37EF10-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-23 00:41 . 2012-04-23 00:45 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1E37EF0E-8CDD-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-24 00:04 . 2012-04-24 00:04 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{13B6A116-8DA1-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-24 00:04 . 2012-04-24 00:06 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{13B6A114-8DA1-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-22 19:33 . 2012-04-22 19:33 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{12024413-8CB2-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 20:45 . 2012-04-22 20:45 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{075D5D0D-8CBC-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-25 10:43 . 2012-04-25 22:18 147456 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012042520120426\index.dat
+ 2012-04-24 18:56 . 2012-04-25 01:25 114688 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012042420120425\index.dat
+ 2012-04-23 20:45 . 2012-04-24 01:29 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012042320120424\index.dat
+ 2012-04-23 20:45 . 2012-04-23 20:45 327680 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012041620120423\index.dat
+ 2012-04-22 20:21 . 2012-04-22 20:28 163840 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C0F36BFD-8CB8-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 18:54 . 2012-04-22 18:56 208896 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D97CD2D-8CAC-11E1-91E8-1C6F652BCBB1}.dat
+ 2012-04-24 00:00 . 2012-04-24 00:06 303104 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{84E7863D-8DA0-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 21:58 . 2012-04-23 22:05 580096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7CF2194F-8D8F-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-23 21:22 . 2012-04-23 21:29 175616 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B50C163-8D8A-11E1-91EA-1C6F652BCBB1}.dat
+ 2012-04-22 19:29 . 2012-04-22 19:35 143360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{686CA07D-8CB1-11E1-91E9-1C6F652BCBB1}.dat
+ 2012-04-22 18:52 . 2012-04-25 22:18 131072 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-04-15 00:32 . 2012-04-25 22:04 1474560 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2012-04-15 00:31 . 2012-04-25 22:18 1327104 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [BU]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"CPUThermometer"="c:\documents and settings\Administrator\Desktop\CPU Thermometer\CPUThermometer.exe" [2011-01-14 127488]
"dabebdbdaafdct"="c:\documents and settings\All Users\Application Data\dabebdbdaafdct.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-06-04 203792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dabebdbdaafdct"="c:\documents and settings\All Users\Application Data\dabebdbdaafdct.exe" [BU]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-9-6 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\EFLC.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJackLoader.exe"=
"c:\\Program Files\\Steam\\steamapps\\hicks439\\half-life 2 lostcoast\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\forgottenhope2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\LaunchEFLC.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medal of honor\\Binaries\\moh.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medal of honor\\MP\\mohmpgame.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medal of honor\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\battle los angeles\\bin\\BattleLA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hydrophobia\\HydroPC.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crysis 2\\bin32\\Crysis2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crysis 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Battlelog Web Plugins\\Sonar\\0.70.0\\SonarHost.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dcs a10c warthog trailer\\smp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\driver san francisco\\Driver.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman2\\Binaries\\Win32\\BatmanAC.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman2\\RunLauncher.bat"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sniper ghost warrior\\Sniper_x86.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFiles.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\microsoft flight\\Flight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [9/6/2010 12:39 AM 19496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 295248]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/15/2009 5:06 PM 223464]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [9/6/2010 3:34 AM 68136]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4/23/2011 1:24 PM 2253120]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/15/2012 3:19 PM 1181104]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 2:39 PM 4608]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [9/6/2010 3:39 AM 30392]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/7/2010 8:09 PM 136176]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [4/16/2012 7:21 PM 105288]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/15/2012 3:19 PM 1185704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 10:10 PM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/6/2010 3:37 AM 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [9/6/2010 1:06 AM 17488]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/7/2010 8:09 PM 136176]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [9/6/2010 12:47 AM 24944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 00:56]
.
2012-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-04-25 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-04-15 21:19]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 00:09]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 00:09]
.
2012-03-09 c:\windows\Tasks\PC Unleashed Defrag.job
- c:\program files\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]
.
2012-04-25 c:\windows\Tasks\PC Unleashed Registration3.job
- c:\program files\Common Files\PC Unleashed Online\UUS3\UUS3.dll [2011-09-06 18:27]
.
2012-03-09 c:\windows\Tasks\PC Unleashed Update Version3.job
- c:\program files\Common Files\PC Unleashed Online\UUS3\Update3.exe [2011-09-06 18:27]
.
2012-04-04 c:\windows\Tasks\PC Unleashed.job
- c:\program files\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27]
.
2012-04-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-04-15 21:19]
.
2012-04-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-04-15 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,6f,f1,63,32,e5,bc,45,89,bf,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,6f,f1,63,32,e5,bc,45,89,bf,b0,\
.
[HKEY_USERS\S-1-5-21-682003330-308236825-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,85,47,9d,ef,52,ba,43,a7,e7,2e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,45,f0,cc,f9,29,c5,4d,9e,6c,27,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,45,f0,cc,f9,29,c5,4d,9e,6c,27,\
.
[HKEY_USERS\S-1-5-21-682003330-308236825-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:b0,92,5d,7f,74,6f,64,2e,f2,07,94,8b,39,bb,2f,90,78,3b,d3,9a,b3,5d,1c,
d7,63,8c,72,e2,a3,26,59,a8,a9,72,5e,5c,4e,6e,f4,6b,47,95,f8,a3,84,f4,45,d6,\
"??"=hex:c4,eb,46,72,21,b0,9f,a8,fb,ea,d5,9e,97,df,e4,ec
.
[HKEY_USERS\S-1-5-21-682003330-308236825-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,7b,fd,ac,4f,c5,c9,f4,5d,c1,a0,60,c9,eb,52,4d,56,24,fb,5a,d1,
17,90,ad,ab,dc,f9,37,74,6f,14,fa,8c,a3,79,44,ab,2c,97,e2,17,7f,81,1f,c8,91,\
"rkeysecu"=hex:4b,4a,a7,ae,b5,00,e9,fc,cc,f3,a7,43,b2,51,a3,50
.
Completion time: 2012-04-25 18:33:47
ComboFix-quarantined-files.txt 2012-04-25 22:33
ComboFix2.txt 2012-04-22 18:52
.
Pre-Run: 366,377,033,728 bytes free
Post-Run: 366,673,752,064 bytes free
.
- - End Of File - - A67EB80948E5CEE5FCF3FB22BCAB1DCA
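Two things in the log above deserve a closer look than the tools give them. The Run keys carry "dabebdbdaafdct"="c:\documents and settings\All Users\Application Data\dabebdbdaafdct.exe" twice: once for the current user and once under HKEY_USERS\.DEFAULT, which is the registry hive of the LocalSystem account, not of any person who logs on. A random-looking name in a profile data directory rather than Program Files is the usual shape of a dropper's persistence entry. The new-file list also shows Internet Explorer history, cookie and recovery files under c:\windows\system32\config\systemprofile, the profile directory of that same LocalSystem account, so a browser session has been running as SYSTEM rather than as the user, which fits the advertisements the poster hears. The following Python is an added example, not part of the thread or of ComboFix: it parses the Run-key section in the log's own line format and scores each entry on those traits. The sample lines are a constructed excerpt modelled on the log above; the scoring rules and thresholds are my own choices, not anything the page states.

```python
import os
import re
from collections import defaultdict

# Constructed excerpt in the shape of the "Reg Loading Points" section of a
# ComboFix log; the entries are copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [BU]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"CPUThermometer"="c:\documents and settings\Administrator\Desktop\CPU Thermometer\CPUThermometer.exe" [2011-01-14 127488]
"dabebdbdaafdct"="c:\documents and settings\All Users\Application Data\dabebdbdaafdct.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dabebdbdaafdct"="c:\documents and settings\All Users\Application Data\dabebdbdaafdct.exe" [BU]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<stamp>[^\]]*)\])?$')
STAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")           # e.g. "2011-08-02 1242448"
PROFILE_DIR_RE = re.compile(r"\\(application data|local settings|desktop|temp)\\", re.I)
RANDOM_STEM_RE = re.compile(r"^[a-z]{10,}$")                # long run of lowercase letters, no words


def parse_run_keys(text):
    """Yield (key, name, path, stamp) for every value listed under a Run-style key."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("path"), m.group("stamp")


def triage(text):
    """Score each autostart entry by how many persistence traits it shows (thresholds are assumptions)."""
    entries = list(parse_run_keys(text))
    keys_per_path = defaultdict(set)
    for key, _, path, _ in entries:
        keys_per_path[path.lower()].add(key)
    results = []
    for key, name, path, stamp in entries:
        reasons = []
        if PROFILE_DIR_RE.search(path):
            reasons.append("launched from a profile data directory rather than Program Files")
        if key.upper().startswith("HKEY_USERS\\.DEFAULT\\"):
            reasons.append("registered in the LocalSystem hive (HKU\\.DEFAULT), not tied to a logged-on user")
        stem = os.path.splitext(os.path.basename(path.replace("\\", "/")))[0]
        if RANDOM_STEM_RE.match(stem):
            reasons.append("random-looking file name")
        if len(keys_per_path[path.lower()]) > 1:
            reasons.append("same command registered in %d Run keys" % len(keys_per_path[path.lower()]))
        if not (stamp and STAMP_RE.match(stamp)):
            reasons.append("no file date/size stamp on the log line")
        results.append({"key": key, "name": name, "path": path,
                        "score": len(reasons), "reasons": reasons})
    results.sort(key=lambda r: r["score"], reverse=True)   # stable: ties keep log order
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        if r["score"]:
            print("%d  %s  %s" % (r["score"], r["name"], r["path"]))
            for why in r["reasons"]:
                print("      - " + why)
```

Run on the excerpt, the two dabebdbdaafdct entries come out on top (5 and 4 points) and the vendor entries under Program Files score zero; the single-point hits (cdloader, CPUThermometer, RGSC) are what a reviewer would glance at and dismiss by hand.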
 
Hi mrclark,

No good copies to be found on the computer. Let's see if we can get a good copy from the CD.

Insert your XP CD; make sure it doesn't run, we just want to copy some files.

In the following commands please replace the letter X with the correct drive letter for your CD drive.

Click Start > Run. In the Run box type cmd.

Copy and paste the following commands one at a time into the command window and hit enter after each one.

expand x:\i386\explorer.ex_ c:\explorer.exe
expand x:\i386\winlogon.ex_ c:\winlogon.exe
expand x:\i386\svchost.ex_ c:\svchost.exe


You should get a message "1 file expanded" or similar. Let me know how you make out.
 
Hi mrclark,

That worked. Let's see if we can replace them.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:
FCopy::
c:\explorer.exe | c:\windows\explorer.exe
c:\winlogon.exe | c:\windows\system32\winlogon.exe
c:\svchost.exe | c:\windows\system32\svchost.exe
c:\explorer.exe | c:\windows\dllcache\explorer.exe
c:\winlogon.exe | c:\windows\system32\dllcache\winlogon.exe
c:\svchost.exe | c:\windows\system32\dllcache\svchost.exe
SkipFix::

In Notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[image: CFScriptB-4.gif]


Please post the combofix log.

How's the computer?
 
Hi, well Houston, we have a problem. The PC won't boot up into Windows properly anymore. It just keeps cycling before XP starts up. So I set it from the prompt screen to the last known running configuration and it boots up, but Windows Explorer crashes. I am looking at just my desktop image and nothing more.

Any thoughts?
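The procedure in the two replies above (expand explorer.exe, winlogon.exe and svchost.exe from the i386 folder of the install CD, then have ComboFix copy them over the system32 and dllcache copies) has one check worth doing before the copy. The i386 folder carries the files of whatever service pack the CD was built with, while the log header shows this system at SP3; a winlogon.exe or svchost.exe from a lower service pack than the installed one is the first mismatch to rule out when a machine stops booting after such a swap, as reported above. The Python below is an added example, not something from the thread or from ComboFix: it reads the file version out of a PE's version resource (by locating the VS_VERSION_INFO key and the VS_FIXEDFILEINFO block that follows it, rather than walking the resource directory), checks that version against the installed service pack, and hashes the installed copies to see whether the system32 and dllcache copies even agree with each other. The per-service-pack baseline revisions are assumed values to be confirmed against a trusted file, and the sample files are constructed stand-ins, as the code comments say; the helper's "No good copies to be found on the computer" is the situation the demo reproduces.

```python
import hashlib
import os
import struct
import tempfile

VS_VERSION_INFO_KEY = "VS_VERSION_INFO".encode("utf-16-le")
VS_FIXEDFILEINFO_SIG = struct.pack("<I", 0xFEEF04BD)

# Revision of the base XP files (5.1.2600.<rev>) shipped with each service
# pack. Assumed values: confirm against a file you trust before relying on them.
SP_BASELINE_REVISION = {0: 0, 1: 1106, 2: 2180, 3: 5512}


def pe_file_version(data):
    """Return (major, minor, build, revision) from a PE image's version resource,
    or None if there is none.

    Scans for the VS_VERSION_INFO key and the VS_FIXEDFILEINFO signature that
    follows it; the fixed block holds dwFileVersionMS/dwFileVersionLS right
    after dwSignature and dwStrucVersion.
    """
    key_at = data.find(VS_VERSION_INFO_KEY)
    if key_at < 0:
        return None
    sig_at = data.find(VS_FIXEDFILEINFO_SIG, key_at)
    if sig_at < 0 or sig_at + 16 > len(data):
        return None
    _, _, ms, ls = struct.unpack_from("<IIII", data, sig_at)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def replacement_is_compatible(version, installed_sp):
    """A replacement for an XP system binary must be a 5.1.2600 build whose
    revision is at or above the installed service pack's baseline."""
    if version is None or version[:3] != (5, 1, 2600):
        return False
    return version[3] >= SP_BASELINE_REVISION[installed_sp]


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def group_by_digest(paths):
    """Map each distinct SHA-256 to the paths carrying it. One key means the
    copies agree with each other; it says nothing about whether they are clean,
    so a reference hash from trusted media is still needed."""
    groups = {}
    for p in paths:
        groups.setdefault(sha256_of(p), []).append(p)
    return groups


def fake_pe(version, payload):
    """Constructed stand-in for a PE file: an MZ prefix, some bytes, and a
    version-resource fragment. Enough for pe_file_version(), nothing more."""
    major, minor, build, rev = version
    fixed = VS_FIXEDFILEINFO_SIG + struct.pack(
        "<III", 0x00010000, (major << 16) | minor, (build << 16) | rev)
    return b"MZ" + payload + VS_VERSION_INFO_KEY + b"\x00\x00" + fixed


def demo(installed_sp=3):
    """Run both checks on constructed files: two installed copies that were
    patched the same way, and a replacement expanded from pre-SP media."""
    with tempfile.TemporaryDirectory() as d:
        sys32 = os.path.join(d, "winlogon.exe")
        dllcache = os.path.join(d, "dllcache_winlogon.exe")
        from_cd = os.path.join(d, "expanded_from_cd.exe")
        with open(sys32, "wb") as f:
            f.write(fake_pe((5, 1, 2600, 5512), b"patched-code"))
        with open(dllcache, "wb") as f:
            f.write(fake_pe((5, 1, 2600, 5512), b"patched-code"))
        with open(from_cd, "wb") as f:
            f.write(fake_pe((5, 1, 2600, 0), b"original-code"))
        with open(from_cd, "rb") as f:
            cd_version = pe_file_version(f.read())
        return {
            "installed_copies_agree": len(group_by_digest([sys32, dllcache])) == 1,
            "cd_version": cd_version,
            "cd_copy_compatible": replacement_is_compatible(cd_version, installed_sp),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-24s %s" % (k, v))
```

On a real box the same two functions are pointed at c:\explorer.exe, c:\winlogon.exe and c:\svchost.exe after the expand step, and at the system32 and dllcache copies they are about to replace. A replacement that fails replacement_is_compatible() should not be copied in; agreement between the installed copies only tells you Windows File Protection never restored a clean one, which is exactly the helper's finding.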
 