Inactive Ping.exe google redirect


bgrich2003

I've recently caught a virus that takes up all my computer's resources, making it really slow.
I opened up Task Manager; it seems to be ping.exe that's causing it.
It also creates other viruses that cause Google to get redirected every time I search, popups, and installs a coupon searcher as well.
I've removed viruses 3 times with Malwarebytes and Spybot but it does not get to the root of the problem.
I've also disabled Terminal Server Device Redirector in my Device Manager, which seems to help with my search getting redirected.

Any help would be greatly appreciated.
Thank you,
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here is my Avira scan. The MBAM scan came up clean.

Avira Free Antivirus
Report file date: Wednesday, November 23, 2011 11:59

Scanning for 3587539 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Safe mode
Username : Administrator
Computer name : GX270

Version information:
BUILD.DAT : 12.0.0.861 41826 Bytes 10/19/2011 19:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 10/19/2011 21:56:25
AVSCAN.DLL : 12.1.0.17 54224 Bytes 10/19/2011 21:56:46
LUKE.DLL : 12.1.0.17 68304 Bytes 10/19/2011 21:56:34
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 10/19/2011 21:56:25
AVREG.DLL : 12.1.0.22 226512 Bytes 10/19/2011 21:56:24
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 01:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 22:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 17:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 17:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 19:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 14:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 21:56:40
VBASE008.VDF : 7.11.15.107 2048 Bytes 10/5/2011 21:56:40
VBASE009.VDF : 7.11.15.108 2048 Bytes 10/5/2011 21:56:40
VBASE010.VDF : 7.11.15.109 2048 Bytes 10/5/2011 21:56:40
VBASE011.VDF : 7.11.15.110 2048 Bytes 10/5/2011 21:56:40
VBASE012.VDF : 7.11.15.111 2048 Bytes 10/5/2011 21:56:40
VBASE013.VDF : 7.11.15.144 161792 Bytes 10/7/2011 21:56:40
VBASE014.VDF : 7.11.15.177 130048 Bytes 10/10/2011 21:56:41
VBASE015.VDF : 7.11.15.213 113664 Bytes 10/11/2011 21:56:41
VBASE016.VDF : 7.11.16.1 163328 Bytes 10/14/2011 21:56:41
VBASE017.VDF : 7.11.16.34 187904 Bytes 10/18/2011 21:56:41
VBASE018.VDF : 7.11.16.77 139264 Bytes 10/20/2011 23:56:25
VBASE019.VDF : 7.11.16.112 162816 Bytes 10/24/2011 23:56:25
VBASE020.VDF : 7.11.16.150 167424 Bytes 10/26/2011 23:56:26
VBASE021.VDF : 7.11.16.187 171520 Bytes 10/28/2011 23:56:26
VBASE022.VDF : 7.11.16.209 190976 Bytes 10/31/2011 23:56:27
VBASE023.VDF : 7.11.16.243 158208 Bytes 11/2/2011 23:56:27
VBASE024.VDF : 7.11.17.21 194560 Bytes 11/6/2011 23:56:28
VBASE025.VDF : 7.11.17.101 202752 Bytes 11/9/2011 23:56:28
VBASE026.VDF : 7.11.17.137 214528 Bytes 11/11/2011 23:56:29
VBASE027.VDF : 7.11.17.154 278528 Bytes 11/14/2011 23:56:30
VBASE028.VDF : 7.11.17.197 175616 Bytes 11/16/2011 23:56:30
VBASE029.VDF : 7.11.17.233 281088 Bytes 11/20/2011 23:56:31
VBASE030.VDF : 7.11.18.10 221696 Bytes 11/22/2011 23:56:32
VBASE031.VDF : 7.11.18.11 2048 Bytes 11/22/2011 23:56:32
Engineversion : 8.2.6.116
AEVDF.DLL : 8.1.2.2 106868 Bytes 11/22/2011 23:56:40
AESCRIPT.DLL : 8.1.3.86 471420 Bytes 11/22/2011 23:56:40
AESCN.DLL : 8.1.7.2 127349 Bytes 9/2/2011 04:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 9/2/2011 04:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 04:16:06
AEPACK.DLL : 8.2.13.4 684406 Bytes 11/22/2011 23:56:39
AEOFFICE.DLL : 8.1.2.20 201083 Bytes 11/22/2011 23:56:38
AEHEUR.DLL : 8.1.2.192 3838328 Bytes 11/22/2011 23:56:38
AEHELP.DLL : 8.1.18.0 254327 Bytes 11/22/2011 23:56:34
AEGEN.DLL : 8.1.5.14 405877 Bytes 11/22/2011 23:56:34
AEEMU.DLL : 8.1.3.0 393589 Bytes 9/2/2011 04:46:01
AECORE.DLL : 8.1.24.0 196983 Bytes 11/22/2011 23:56:33
AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 04:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 10/19/2011 21:56:27
AVPREF.DLL : 12.1.0.17 51920 Bytes 10/19/2011 21:56:24
AVREP.DLL : 12.1.0.17 179408 Bytes 10/19/2011 21:56:24
AVARKT.DLL : 12.1.0.17 223184 Bytes 10/19/2011 21:56:22
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 10/19/2011 21:56:23
SQLITE3.DLL : 3.7.0.0 398288 Bytes 10/19/2011 21:56:38
AVSMTP.DLL : 12.1.0.17 62928 Bytes 10/19/2011 21:56:25
NETNT.DLL : 12.1.0.17 17104 Bytes 10/19/2011 21:56:34
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 10/19/2011 21:56:49
RCTEXT.DLL : 12.1.0.16 96208 Bytes 10/19/2011 21:56:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Wednesday, November 23, 2011 11:59

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '63' Module(s) have been scanned
Scan process 'avcenter.exe' - '66' Module(s) have been scanned
Scan process 'mbam.exe' - '49' Module(s) have been scanned
Scan process 'Explorer.EXE' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '48' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '59' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1384' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Administrator\My Documents\Downloads\PicMorph.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\setup.exe
[0] Archive type: Inno Setup
--> {tmp}\kls.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.Zugo.274
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\blinded by sun instrumental.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Chris Tomlin - Jesus Messiah .mp3
[DETECTION] Is the TR/Dldr.WMA.Wima.24 Trojan
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\joise blink 182.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\klaxons its not over yet live.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\lost in stereo suave suarez.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\matt kearney closer to love.mp3
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\news boys strong.wma
[DETECTION] Contains recognition pattern of the EXP/MediaPlaye.3186 exploit
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\superheroes alex y fido.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SY2ZULMJ\guestplaym21m[1].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XJPLANJC\guestplaym21m[1].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XJPLANJC\guestplaym21m[2].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\WINDOWS\system32\drivers\serial.sys
[DETECTION] Is the TR/Rootkit.Gen2 Trojan

Beginning disinfection:
C:\WINDOWS\system32\drivers\serial.sys
[DETECTION] Is the TR/Rootkit.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d6ffea8.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XJPLANJC\guestplaym21m[2].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '55f5d0f8.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XJPLANJC\guestplaym21m[1].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '07aa8a10.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SY2ZULMJ\guestplaym21m[1].php
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '619dc5d2.qua'.
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\superheroes alex y fido.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '2416e8ec.qua'.
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\news boys strong.wma
[DETECTION] Contains recognition pattern of the EXP/MediaPlaye.3186 exploit
[NOTE] The file was moved to the quarantine directory under the name '5b74db7c.qua'.
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\matt kearney closer to love.mp3
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
[NOTE] The file was moved to the quarantine directory under the name '17c9f732.qua'.
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\lost in stereo suave suarez.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
[NOTE] The file was moved to the quarantine directory under the name '6bd0b691.qua'.
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\klaxons its not over yet live.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
[NOTE] The file was moved to the quarantine directory under the name '46e499df.qua'.
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\joise blink 182.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f94a242.qua'.
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Chris Tomlin - Jesus Messiah .mp3
[DETECTION] Is the TR/Dldr.WMA.Wima.24 Trojan
[NOTE] The file was moved to the quarantine directory under the name '33c18e76.qua'.
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\blinded by sun instrumental.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
[NOTE] The file was moved to the quarantine directory under the name '4271b7e7.qua'.
C:\Documents and Settings\Administrator\My Documents\Downloads\setup.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Searchbar.a.57
[NOTE] The file was moved to the quarantine directory under the name '4c1c8724.qua'.
C:\Documents and Settings\Administrator\My Documents\Downloads\PicMorph.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.Zugo.372
[NOTE] The file was moved to the quarantine directory under the name '0944fe62.qua'.


End of the scan: Wednesday, November 23, 2011 15:42
Used time: 3:07:04 Hour(s)

The scan has been done completely.

19929 Scanned directories
455742 Files were scanned
15 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
14 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
455727 Files not concerned
2779 Archives were scanned
0 Warnings
14 Notes
 
Gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-26 12:48:36
Windows 5.1.2600 Service Pack 3
Running: lgxncqgy.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdqpod.sys


---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB44295$\1431436788 0 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385 0 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\bckfg.tmp 840 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\keywords 19 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\L 0 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\L\bbipsykz 64512 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U 0 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\80000032.@ 97792 bytes

---- EOF - GMER 1.0.15 ----
 
DDS.txt file

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Administrator at 6:02:59 on 2011-11-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.989 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {09e49ab4-9487-4828-b892-1bec9ed1dde6} - No File
BHO: {0ABC4A49-8AFB-41A9-B85A-477F525B4977} - No File
BHO: {0b876028-b388-4f6d-922f-f52faec8535f} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {29828AD7-9913-4025-94D2-FE9F883AAE47} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {4A71593D-D384-4B9C-A141-2F52C12861D7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {6a5cbe2b-23fd-4650-ad47-708c8d1eda4f} - No File
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: {767CE9B1-669B-426A-9A1C-FE828C34C761} - No File
BHO: {8439ECA6-690E-45B2-B631-D4B24508619A} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {989B7EE8-FA34-4C38-A008-838330F58AC3} - No File
BHO: {9B1D52F0-7CC4-4E08-97F4-CC03751A4ED6} - No File
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - No File
BHO: {A3E9D252-31FF-4600-AA7F-444897C0C576} - No File
BHO: {a4cdae5a-190a-4f2d-9e9b-bf97da5624a5} - No File
BHO: {bf657654-67f9-4679-86d4-a97016e7cfe5} - No File
BHO: {c15e0d32-7cc8-4f7a-8718-0478add571ec} - No File
BHO: {C3F0CFD6-550C-471A-A41D-5FFDC11A05A9} - No File
BHO: {C7DBC153-9C02-435D-A8A8-E5E33C6D5BA0} - No File
BHO: {d2abbf68-bc72-47f0-a814-7ad168636a6d} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {D8BABF28-8B02-4D21-B61B-3174AE4B582C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DE329032-20CB-4523-A1CB-884BCD8C4D86} - No File
BHO: {E2A079A6-04CB-4A1C-BFEB-BB2172FC9639} - No File
BHO: {e7017c0f-b48c-42a0-8c5a-cf7fc4de5fe1} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {eaa5d703-c901-4896-8b19-0f30779526e6} - No File
BHO: {ef3b9c0c-cd48-4cc0-aa60-ba8b2681c260} - No File
BHO: {efc75fe9-e202-4f2d-922e-1c65f3ddd4b5} - No File
BHO: {FAC9B062-4ED7-4D96-BDE9-39949204EB20} - No File
BHO: {FBEA68B9-E472-4F00-AF53-A21F29129893} - No File
BHO: {FCE3AF62-FDAA-4270-8D03-D8924DF20F18} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - No File
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
EB: {727b755f-9a4c-287b-0dd0-78b52d2b6829} - Search panel
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209161615513
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209161740763
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{465A2A28-8155-40F8-B13E-4D532274EFC7} : DhcpNameServer = 208.59.247.45 208.59.247.46
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnnmNEX
LSA: Notification Packages = scecli c:\windows\system32\kozewepu.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\o4qapmf6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-22 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-22 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-22 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-11-22 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-22 74640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-16 22216]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-16 366152]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-11-23 00:13:38 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2011-11-23 00:01:07 -------- d-----w- c:\documents and settings\administrator\application data\Avira
2011-11-22 23:59:30 -------- d-----w- c:\documents and settings\administrator\application data\AskToolbar
2011-11-22 23:52:20 -------- d-----w- c:\program files\Ask.com
2011-11-22 23:52:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AskToolbar
2011-11-22 23:50:37 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-22 23:50:37 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-22 23:50:35 -------- d-----w- c:\program files\Avira
2011-11-22 23:50:35 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-11-21 22:26:52 4752 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-21 22:20:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-21 22:20:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-20 19:11:23 -------- d-----w- c:\documents and settings\administrator\application data\yamH6W7fE9TqYIr
2011-11-20 19:11:22 -------- d-----w- c:\documents and settings\administrator\application data\XZ9hTXwUlBz0c
2011-11-20 15:33:38 -------- d-----w- c:\program files\581AA
2011-11-20 15:32:45 -------- d-----w- c:\documents and settings\administrator\application data\18F58
2011-11-20 15:32:44 -------- d-----w- c:\program files\LP
2011-11-20 15:32:39 -------- d-----w- c:\documents and settings\administrator\application data\ptzP0ycS1v3n4m6
2011-11-20 15:32:39 -------- d-----w- c:\documents and settings\administrator\application data\DJ6dEK8fR9YwUeO
2011-11-20 15:32:18 -------- d-----w- c:\documents and settings\administrator\application data\sqhYCwkIVlNx0c2
2011-11-20 15:32:17 -------- d-----w- c:\documents and settings\administrator\application data\EK8gRZqhYw
2011-11-17 03:24:30 -------- d-----w- c:\program files\iPod
2011-11-17 03:24:25 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-17 03:24:24 -------- d-----w- c:\program files\iTunes
2011-11-17 03:16:22 -------- d-----w- c:\program files\Bonjour
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpE0F9A.FOT
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpD2F9A.FOT
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpC5F9A.FOT
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpB7F9A.FOT
.
==================== Find3M ====================
.
2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpC47A7.FOT
2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpB77A7.FOT
2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpAA7A7.FOT
2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpA87A7.FOT
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpD9E08.FOT
2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpBEE08.FOT
2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpB0F08.FOT
2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpA2F08.FOT
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 6:12:32.20 ===============
 
attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/20/2007 2:35:48 PM
System Uptime: 11/25/2011 3:25:30 PM (39 hours ago)
.
Motherboard: Dell Computer Corp. | | 0N6016
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 302 GiB total, 212.902 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\PNP0501\1
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0501\1
Service:
.
==== System Restore Points ===================
.
RP424: 8/29/2011 3:00:17 PM - Software Distribution Service 3.0
RP425: 8/30/2011 3:00:17 PM - Software Distribution Service 3.0
RP426: 8/30/2011 7:52:08 PM - Installed Safari
RP427: 8/30/2011 8:08:08 PM - Removed Safari
RP428: 8/30/2011 8:19:01 PM - Installed Windows Internet Explorer 8.
RP429: 8/30/2011 8:20:14 PM - Software Distribution Service 3.0
RP430: 8/31/2011 7:08:03 AM - Software Distribution Service 3.0
RP431: 9/1/2011 7:13:23 AM - System Checkpoint
RP432: 9/2/2011 11:31:08 AM - System Checkpoint
RP433: 9/3/2011 12:25:39 PM - System Checkpoint
RP434: 9/4/2011 1:29:58 PM - System Checkpoint
RP435: 9/5/2011 1:34:46 PM - System Checkpoint
RP436: 9/6/2011 4:20:19 PM - System Checkpoint
RP437: 9/7/2011 2:59:32 AM - Software Distribution Service 3.0
RP438: 9/8/2011 4:55:33 AM - System Checkpoint
RP439: 9/9/2011 5:20:22 AM - System Checkpoint
RP440: 9/10/2011 10:03:34 AM - System Checkpoint
RP441: 9/11/2011 11:58:46 AM - System Checkpoint
RP442: 9/12/2011 1:04:40 PM - System Checkpoint
RP443: 9/13/2011 5:52:14 PM - System Checkpoint
RP444: 9/14/2011 5:56:57 PM - System Checkpoint
RP445: 9/15/2011 3:00:17 PM - Software Distribution Service 3.0
RP446: 9/16/2011 3:32:57 PM - System Checkpoint
RP447: 9/17/2011 4:56:00 PM - System Checkpoint
RP448: 9/18/2011 11:49:37 PM - System Checkpoint
RP449: 9/20/2011 2:31:07 AM - System Checkpoint
RP450: 9/21/2011 2:57:09 AM - System Checkpoint
RP451: 9/22/2011 3:48:29 AM - System Checkpoint
RP452: 9/23/2011 11:09:12 AM - System Checkpoint
RP453: 9/24/2011 11:35:49 AM - System Checkpoint
RP454: 9/25/2011 2:03:50 PM - System Checkpoint
RP455: 9/26/2011 2:14:15 PM - System Checkpoint
RP456: 9/27/2011 4:36:32 PM - System Checkpoint
RP457: 9/28/2011 8:05:18 PM - System Checkpoint
RP458: 9/28/2011 9:01:11 PM - Software Distribution Service 3.0
RP459: 9/29/2011 9:08:05 PM - System Checkpoint
RP460: 9/30/2011 9:34:27 PM - System Checkpoint
RP461: 10/1/2011 11:47:50 PM - System Checkpoint
RP462: 10/3/2011 12:42:08 AM - System Checkpoint
RP463: 10/4/2011 1:41:23 AM - System Checkpoint
RP464: 10/5/2011 2:25:30 AM - System Checkpoint
RP465: 10/6/2011 3:25:30 AM - System Checkpoint
RP466: 10/7/2011 3:26:35 AM - System Checkpoint
RP467: 10/8/2011 3:28:35 AM - System Checkpoint
RP468: 10/9/2011 4:42:19 AM - System Checkpoint
RP469: 10/10/2011 5:28:35 AM - System Checkpoint
RP470: 10/11/2011 5:56:55 AM - System Checkpoint
RP471: 10/12/2011 3:00:18 PM - Software Distribution Service 3.0
RP472: 10/13/2011 5:32:08 PM - System Checkpoint
RP473: 10/14/2011 6:10:21 PM - System Checkpoint
RP474: 10/15/2011 6:27:33 PM - System Checkpoint
RP475: 10/16/2011 6:51:58 PM - System Checkpoint
RP476: 10/17/2011 9:11:11 PM - System Checkpoint
RP477: 10/18/2011 9:51:58 PM - System Checkpoint
RP478: 10/19/2011 10:18:53 PM - System Checkpoint
RP479: 10/20/2011 11:18:53 PM - System Checkpoint
RP480: 10/21/2011 11:35:15 PM - System Checkpoint
RP481: 10/23/2011 10:41:09 AM - System Checkpoint
RP482: 10/24/2011 4:31:00 PM - System Checkpoint
RP483: 10/25/2011 4:39:14 PM - System Checkpoint
RP484: 10/26/2011 4:58:19 PM - System Checkpoint
RP485: 10/27/2011 5:37:33 PM - System Checkpoint
RP486: 10/28/2011 6:17:02 PM - System Checkpoint
RP487: 10/29/2011 7:33:45 PM - System Checkpoint
RP488: 10/31/2011 12:21:02 AM - System Checkpoint
RP489: 11/1/2011 12:41:21 AM - System Checkpoint
RP490: 11/2/2011 1:41:21 AM - System Checkpoint
RP491: 11/3/2011 10:53:39 AM - System Checkpoint
RP492: 11/4/2011 10:58:43 AM - System Checkpoint
RP493: 11/5/2011 11:21:51 AM - System Checkpoint
RP494: 11/6/2011 12:01:06 PM - System Checkpoint
RP495: 11/7/2011 12:01:44 PM - System Checkpoint
RP496: 11/7/2011 3:00:21 PM - Software Distribution Service 3.0
RP497: 11/8/2011 3:48:07 PM - System Checkpoint
RP498: 11/9/2011 3:00:20 PM - Software Distribution Service 3.0
RP499: 11/10/2011 3:17:43 PM - System Checkpoint
RP500: 11/11/2011 3:00:17 PM - Software Distribution Service 3.0
RP501: 11/12/2011 5:00:00 PM - System Checkpoint
RP502: 11/13/2011 6:48:54 PM - System Checkpoint
RP503: 11/15/2011 12:16:18 AM - System Checkpoint
RP504: 11/16/2011 12:25:30 AM - System Checkpoint
RP505: 11/17/2011 1:18:44 AM - System Checkpoint
RP506: 11/18/2011 3:39:31 AM - System Checkpoint
RP507: 11/19/2011 8:32:48 AM - System Checkpoint
RP508: 11/20/2011 9:05:37 AM - System Checkpoint
RP509: 11/21/2011 12:17:15 PM - System Checkpoint
RP510: 11/21/2011 5:19:59 PM - Restore Operation
RP511: 11/22/2011 4:19:04 PM - Software Distribution Service 3.0
RP512: 11/23/2011 3:48:13 PM - Software Distribution Service 3.0
RP513: 11/24/2011 4:05:38 PM - System Checkpoint
RP514: 11/25/2011 4:06:41 PM - System Checkpoint
RP515: 11/26/2011 4:45:48 PM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ASIO4ALL
Ask Toolbar
Avira Free Antivirus
Bing Bar Platform
BitTorrent
Bonjour
CameraHelperMsi
CCScore
Critical Update for Windows Media Player 11 (KB959772)
DivX Setup
DNA
eMedia Guitar Basics
erLT
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
EZface ActiveX 210
Facebook Plug-In
fflink
GIMP 2.6.6
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 3840
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) 6 Update 4
Lexmark 5400 Series
Lexmark Toolbar
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
magicJack
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Move Media Player
Mozilla Firefox (3.6.23)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero Suite
netbrdg
NewzToolz v2.0.2
OfotoXMI
OpenOffice.org 2.4
Paint.NET v3.5.8
PartitionMagic
PowerDVD
PowerQuest PartitionMagic 8.0
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Foundry ACID 4.0
Sony USB Driver
SoundMAX
Spybot - Search & Destroy
staticcr
TinyWord 2.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Midisport Uno 1.0.1.0
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.6
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Mobile Device Updater Component
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows XP Service Pack 3
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
11/26/2011 9:23:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
11/26/2011 9:23:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
11/26/2011 8:23:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
11/26/2011 8:23:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
11/26/2011 7:23:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
11/26/2011 7:23:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
11/26/2011 3:23:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
11/26/2011 3:23:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
11/26/2011 2:23:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
11/26/2011 2:23:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
11/26/2011 12:23:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
11/26/2011 12:23:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
11/26/2011 11:23:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
11/26/2011 11:23:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
11/26/2011 1:23:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
11/26/2011 1:23:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
11/25/2011 9:23:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
11/25/2011 8:23:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
11/25/2011 8:23:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
11/25/2011 7:23:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
11/25/2011 7:23:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
11/25/2011 6:23:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
11/25/2011 6:23:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
11/25/2011 5:23:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
11/25/2011 4:23:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
11/25/2011 4:23:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
11/25/2011 3:23:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/25/2011 12:55:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv
11/25/2011 10:23:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
11/25/2011 10:23:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
11/24/2011 6:23:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
11/24/2011 6:23:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
11/24/2011 5:23:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
11/24/2011 5:23:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
11/24/2011 4:23:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
11/24/2011 4:23:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
11/24/2011 3:23:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
11/24/2011 3:23:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
11/24/2011 2:23:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
11/24/2011 2:23:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
11/24/2011 12:23:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
11/24/2011 12:23:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
11/24/2011 1:23:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
11/24/2011 1:23:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
11/23/2011 11:23:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
11/23/2011 11:23:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
11/23/2011 10:23:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
11/23/2011 10:23:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
11/22/2011 7:23:02 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: General access denied error
11/22/2011 7:23:02 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: General access denied error
11/21/2011 9:23:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
11/21/2011 7:14:53 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
11/21/2011 6:56:35 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/21/2011 5:47:40 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/21/2011 5:47:32 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 5:23:01 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
11/21/2011 5:22:46 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
11/21/2011 5:22:46 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the path specified.
11/21/2011 5:22:21 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'serial.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/21/2011 5:20:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel USB3 Device Service service to connect.
11/21/2011 5:20:11 PM, error: Service Control Manager [7000] - The Intel USB3 Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2011 5:20:00 PM, error: Service Control Manager [7023] - The Intel USB3 Device Service service terminated with the following error: The specified module could not be found.
11/21/2011 5:14:50 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 5:14:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
11/21/2011 5:14:50 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
11/21/2011 5:12:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/21/2011 4:11:17 PM, error: Dhcp [1002] - The IP address lease 64.121.151.176 for the Network Card with network address 000D56C21679 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
11/21/2011 3:46:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
11/21/2011 3:16:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 3:03:27 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 11:27:39 PM, error: Service Control Manager [7022] - The DNS Client service hung on starting.
11/20/2011 2:27:19 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
11/20/2011 2:13:46 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
I posted all the things asked of me

Everything is posted. I'm still having a problem with popups that come up on Internet Explorer and consume a lot of resources under iexplore.exe under the processes. Any help would be greatly appreciated.
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I downloaded combofix as well and it started okay, but after a while it just freezes my computer. I waited over an hour and a half to see if it would finish, but it never did.
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
301 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
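
The Bootkit Remover output above offers `remover.exe dump` for inspecting the boot sector by hand. As an added example (not part of the original posts and not code from any tool in this thread), the Python below parses such a 512-byte dump and compares a copy read on the running system with a copy read offline; the offline copy, the function names and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0-445: boot code
ENTRY_LEN = 16             # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510-511: boot signature


def parse_mbr(sector):
    """Split one MBR sector into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = BOOT_CODE_LEN + index * ENTRY_LEN
        entry = sector[start:start + ENTRY_LEN]
        status, part_type = entry[0], entry[4]
        # Bytes 8-15 of an entry: first sector (LBA) and sector count, little endian.
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if part_type == 0x00:          # unused slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": part_type,
            "lba_start": lba_start,
            "sector_count": sector_count,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_dumps(live, offline):
    """Report where a dump taken on the running system differs from one taken
    offline (assumed workflow: the second dump is read from boot media, so
    nothing on the installed system can filter the disk read)."""
    findings = []
    a, b = parse_mbr(live), parse_mbr(offline)
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code differs between live and offline dump")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs between live and offline dump")
    return findings


def build_sample(boot_code):
    """Constructed sector: filler boot code plus one bootable NTFS entry that
    starts at LBA 63, matching the 0x7e00 volume offset in the log above."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 1000000)
    padded = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return padded + entry + b"\x00" * (3 * ENTRY_LEN) + SIGNATURE


# Constructed sample data, not taken from the poster's disk.
SAMPLE_LIVE = build_sample(b"\x33\xc0\x8e\xd0")
SAMPLE_OFFLINE = build_sample(b"\xeb\x5a\x90\x90")

if __name__ == "__main__":
    for part in parse_mbr(SAMPLE_LIVE)["partitions"]:
        print("partition %d starts at byte offset 0x%x"
              % (part["index"], part["byte_offset"]))
    for finding in compare_dumps(SAMPLE_LIVE, SAMPLE_OFFLINE):
        print("MISMATCH:", finding)
```
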
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Okay, I downloaded tdsskiller but it didn't give me the option to save to desktop. Then I tried opening it and it didn't start.
 
I tried it on safe mode; it didn't work. Then I tried it as soon as I started windows and it looked like it was about to go, then turned off. I did this a couple of times and it gave me a message that a device had been disabled that I needed to run the program.
 
Okay I updated all my virus, malware, and spyware programs and ran them again.
I ran spybot and immediately after the iexplore.exe popup was eliminated.
Then I was able to run combofix.exe but it did not finish.
So I will do it again and post the results.
As far as my computer status the popups are gone, ping.exe is gone, and the google redirect problem is gone.
Thank you for your help and I will post the combofix results as soon as it is finished.
Just to make sure it's all gone, 'cause I'd hate for it to come back; it's a real pain.
 
We may be dealing here with the newest TDL rootkit.

Let's see....

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by Administrator at 2011-12-02 01:34:24
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Service Pack 3 (X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The process cannot access the file because it is being used by another process.
========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-01 17:32 - 2011-12-01 17:34 - 0000000 ___SD C:\ComboFix
2011-12-01 15:26 - 2011-12-01 15:26 - 0000684 ____A C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
2011-12-01 06:21 - 2011-12-01 06:21 - 1566512 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller(2).exe
2011-11-29 16:49 - 2011-11-29 16:49 - 0000000 RASHD C:\cmdcons
2011-11-29 16:49 - 2011-11-20 14:25 - 0000328 ____A C:\Boot.bak
2011-11-29 16:49 - 2004-08-03 23:00 - 0260272 _RASH C:\cmldr
2011-11-29 16:43 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
2011-11-29 16:43 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
2011-11-29 16:43 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-11-29 16:43 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-11-29 16:43 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-11-29 16:43 - 2000-08-30 19:00 - 0212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2011-11-29 16:43 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
2011-11-29 16:43 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
2011-11-29 16:43 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
2011-11-29 16:41 - 2011-11-29 16:41 - 0000000 ____D C:\Windows\ERDNT
2011-11-29 16:34 - 2011-11-29 16:41 - 0000000 ____D C:\Qoobox
2011-11-28 06:32 - 2011-11-28 06:32 - 0000759 ____A C:\Documents and Settings\Administrator\Desktop\Shortcut to avira_free_antivirus_en.exe.lnk
2011-11-22 19:50 - 2011-11-22 19:50 - 0000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-22 19:13 - 2008-04-13 14:15 - 0064512 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\serial.sys
2011-11-22 19:01 - 2011-11-22 19:01 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\Avira
2011-11-22 18:59 - 2011-11-22 18:59 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\AskToolbar
2011-11-22 18:53 - 2011-12-02 00:53 - 0000250 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2011-11-22 18:52 - 2011-12-01 06:26 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
2011-11-22 18:52 - 2011-11-22 18:53 - 0000000 ____D C:\Program Files\Ask.com
2011-11-22 18:50 - 2011-11-22 18:54 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2011-11-22 18:50 - 2011-11-22 18:50 - 0000000 ____D C:\Program Files\Avira
2011-11-22 18:50 - 2011-10-19 16:56 - 0134344 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2011-11-22 18:50 - 2011-10-19 16:56 - 0074640 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2011-11-22 18:50 - 2011-10-19 16:56 - 0036000 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2011-11-22 18:50 - 2010-06-17 15:14 - 0028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2011-11-21 17:54 - 2011-11-21 17:54 - 0001542 ____A C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
2011-11-21 17:54 - 2011-11-21 17:54 - 0000784 ____A C:\Documents and Settings\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-21 17:45 - 2011-11-21 17:45 - 0000000 __SHD C:\Documents and Settings\NetworkService\PrivacIE
2011-11-21 17:42 - 2011-11-21 17:42 - 0001620 ____A C:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
2011-11-21 17:26 - 2011-11-21 17:26 - 0004752 ____A C:\Windows\System32\PerfStringBackup.TMP
2011-11-21 15:08 - 2011-11-21 15:08 - 0000000 ____A C:\Windows\System32\cbvyp607.com.b
2011-11-21 15:06 - 2011-12-02 01:23 - 0000352 ____A C:\Windows\Tasks\At4.job
2011-11-21 15:06 - 2011-12-02 01:23 - 0000350 ____A C:\Windows\Tasks\At3.job
2011-11-21 15:06 - 2011-12-02 00:23 - 0000352 ____A C:\Windows\Tasks\At2.job
2011-11-21 15:06 - 2011-12-02 00:23 - 0000350 ____A C:\Windows\Tasks\At1.job
2011-11-21 15:06 - 2011-12-01 23:23 - 0000352 ____A C:\Windows\Tasks\At48.job
2011-11-21 15:06 - 2011-12-01 23:23 - 0000350 ____A C:\Windows\Tasks\At47.job
2011-11-21 15:06 - 2011-12-01 22:23 - 0000352 ____A C:\Windows\Tasks\At46.job
2011-11-21 15:06 - 2011-12-01 22:23 - 0000350 ____A C:\Windows\Tasks\At45.job
2011-11-21 15:06 - 2011-12-01 21:23 - 0000352 ____A C:\Windows\Tasks\At44.job
2011-11-21 15:06 - 2011-12-01 21:23 - 0000350 ____A C:\Windows\Tasks\At43.job
2011-11-21 15:06 - 2011-12-01 20:23 - 0000352 ____A C:\Windows\Tasks\At42.job
2011-11-21 15:06 - 2011-12-01 20:23 - 0000350 ____A C:\Windows\Tasks\At41.job
2011-11-21 15:06 - 2011-12-01 19:23 - 0000352 ____A C:\Windows\Tasks\At40.job
2011-11-21 15:06 - 2011-12-01 19:23 - 0000350 ____A C:\Windows\Tasks\At39.job
2011-11-21 15:06 - 2011-12-01 18:23 - 0000352 ____A C:\Windows\Tasks\At38.job
2011-11-21 15:06 - 2011-12-01 18:23 - 0000350 ____A C:\Windows\Tasks\At37.job
2011-11-21 15:06 - 2011-12-01 17:23 - 0000352 ____A C:\Windows\Tasks\At36.job
2011-11-21 15:06 - 2011-12-01 17:23 - 0000350 ____A C:\Windows\Tasks\At35.job
2011-11-21 15:06 - 2011-12-01 15:23 - 0000352 ____A C:\Windows\Tasks\At32.job
2011-11-21 15:06 - 2011-12-01 15:23 - 0000350 ____A C:\Windows\Tasks\At31.job
2011-11-21 15:06 - 2011-12-01 14:23 - 0000352 ____A C:\Windows\Tasks\At30.job
2011-11-21 15:06 - 2011-12-01 14:23 - 0000350 ____A C:\Windows\Tasks\At29.job
2011-11-21 15:06 - 2011-12-01 13:23 - 0000352 ____A C:\Windows\Tasks\At28.job
2011-11-21 15:06 - 2011-12-01 13:23 - 0000350 ____A C:\Windows\Tasks\At27.job
2011-11-21 15:06 - 2011-12-01 12:23 - 0000352 ____A C:\Windows\Tasks\At26.job
2011-11-21 15:06 - 2011-12-01 12:23 - 0000350 ____A C:\Windows\Tasks\At25.job
2011-11-21 15:06 - 2011-12-01 11:23 - 0000352 ____A C:\Windows\Tasks\At24.job
2011-11-21 15:06 - 2011-12-01 11:23 - 0000350 ____A C:\Windows\Tasks\At23.job
2011-11-21 15:06 - 2011-12-01 10:23 - 0000352 ____A C:\Windows\Tasks\At22.job
2011-11-21 15:06 - 2011-12-01 10:23 - 0000350 ____A C:\Windows\Tasks\At21.job
2011-11-21 15:06 - 2011-12-01 09:23 - 0000352 ____A C:\Windows\Tasks\At20.job
2011-11-21 15:06 - 2011-12-01 09:23 - 0000350 ____A C:\Windows\Tasks\At19.job
2011-11-21 15:06 - 2011-12-01 08:23 - 0000352 ____A C:\Windows\Tasks\At18.job
2011-11-21 15:06 - 2011-12-01 08:23 - 0000350 ____A C:\Windows\Tasks\At17.job
2011-11-21 15:06 - 2011-12-01 07:23 - 0000352 ____A C:\Windows\Tasks\At16.job
2011-11-21 15:06 - 2011-12-01 07:23 - 0000350 ____A C:\Windows\Tasks\At15.job
2011-11-21 15:06 - 2011-12-01 06:23 - 0000352 ____A C:\Windows\Tasks\At14.job
2011-11-21 15:06 - 2011-12-01 06:23 - 0000350 ____A C:\Windows\Tasks\At13.job
2011-11-21 15:06 - 2011-12-01 05:23 - 0000352 ____A C:\Windows\Tasks\At12.job
2011-11-21 15:06 - 2011-12-01 05:23 - 0000350 ____A C:\Windows\Tasks\At11.job
2011-11-21 15:06 - 2011-12-01 04:23 - 0000352 ____A C:\Windows\Tasks\At10.job
2011-11-21 15:06 - 2011-12-01 04:23 - 0000350 ____A C:\Windows\Tasks\At9.job
2011-11-21 15:06 - 2011-12-01 03:23 - 0000352 ____A C:\Windows\Tasks\At8.job
2011-11-21 15:06 - 2011-12-01 03:23 - 0000350 ____A C:\Windows\Tasks\At7.job
2011-11-21 15:06 - 2011-12-01 02:23 - 0000352 ____A C:\Windows\Tasks\At6.job
2011-11-21 15:06 - 2011-12-01 02:23 - 0000350 ____A C:\Windows\Tasks\At5.job
2011-11-21 15:06 - 2011-11-30 16:23 - 0000352 ____A C:\Windows\Tasks\At34.job
2011-11-21 15:06 - 2011-11-30 16:23 - 0000350 ____A C:\Windows\Tasks\At33.job
2011-11-21 15:06 - 2011-11-21 15:08 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\rmQCmGT.dat
2011-11-21 11:10 - 2011-11-21 11:10 - 0100702 ____A C:\Windows\System32\itusbcore.dat
2011-11-21 11:10 - 2011-11-21 11:10 - 0000196 ____A C:\Windows\System32\itlsvc.dat
2011-11-21 11:10 - 2011-11-21 11:10 - 0000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2011-11-20 16:52 - 2011-11-20 16:55 - 0047592 ____A C:\TDSSKiller.2.6.19.0_20.11.2011_16.52.11_log.txt
2011-11-20 16:05 - 2011-11-20 16:05 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\yamH6W7fE9TqYIr
2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\XZ9hTXwUlBz0c
2011-11-20 10:33 - 2011-11-20 14:09 - 0000000 ____D C:\Program Files\581AA
2011-11-20 10:32 - 2011-11-20 14:09 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\18F58
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\sqhYCwkIVlNx0c2
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\ptzP0ycS1v3n4m6
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\EK8gRZqhYw
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\DJ6dEK8fR9YwUeO
2011-11-17 20:04 - 2011-11-17 20:09 - 0068824 ____A C:\Documents and Settings\Administrator\My Documents\mellow.mp3.sfk
2011-11-17 20:02 - 2011-11-17 20:02 - 0423488 ____A C:\Documents and Settings\Administrator\My Documents\clap track.wav
2011-11-16 22:24 - 2011-11-16 22:26 - 0000000 ____D C:\Program Files\iTunes
2011-11-16 22:24 - 2011-11-16 22:26 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-16 22:24 - 2011-11-16 22:24 - 0000000 ____D C:\Program Files\iPod
2011-11-16 22:17 - 2011-11-16 22:17 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
2011-11-16 22:16 - 2011-11-16 22:16 - 0000000 ____D C:\Program Files\Bonjour
2011-11-15 14:26 - 2011-11-16 13:53 - 0012272 ____A C:\Documents and Settings\Administrator\My Documents\artemis.odt
2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpE0F9A.FOT
2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpD2F9A.FOT
2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpC5F9A.FOT
2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpB7F9A.FOT
2011-11-11 15:01 - 2011-11-11 15:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2641690$
2011-11-11 01:43 - 2011-11-11 15:01 - 0013209 ____A C:\Windows\KB2641690.log
2011-11-09 15:04 - 2011-11-09 15:04 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
2011-11-08 20:28 - 2011-11-08 20:28 - 1411328 ____A C:\Documents and Settings\Administrator\My Documents\120 funky beat japo.wav
2011-11-08 18:40 - 2011-11-09 15:04 - 0012342 ____A C:\Windows\KB2544893-v2.log
 
============ 3 Months Modified Files and Folders ===============

2011-12-02 01:35 - 2011-12-02 01:34 - 0000000 ____D C:\FRST
2011-12-02 01:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At4.job
2011-12-02 01:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At3.job
2011-12-02 00:53 - 2011-11-22 18:53 - 0000250 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2011-12-02 00:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At2.job
2011-12-02 00:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At1.job
2011-12-01 23:53 - 2007-11-20 14:37 - 0032618 ____A C:\Windows\SchedLgU.Txt
2011-12-01 23:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At48.job
2011-12-01 23:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At47.job
2011-12-01 22:57 - 2008-05-15 16:22 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-12-01 22:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At46.job
2011-12-01 22:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At45.job
2011-12-01 21:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At44.job
2011-12-01 21:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At43.job
2011-12-01 20:44 - 2007-11-20 14:31 - 1104746 ____A C:\Windows\WindowsUpdate.log
2011-12-01 20:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At42.job
2011-12-01 20:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At41.job
2011-12-01 19:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At40.job
2011-12-01 19:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At39.job
2011-12-01 18:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At38.job
2011-12-01 18:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At37.job
2011-12-01 17:34 - 2011-12-01 17:32 - 0000000 ___SD C:\ComboFix
2011-12-01 17:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At36.job
2011-12-01 17:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At35.job
2011-12-01 16:45 - 2004-08-04 05:00 - 0002206 ____A C:\Windows\System32\wpa.dbl
2011-12-01 16:44 - 2010-11-24 09:41 - 0000000 ____D C:\Windows\System32\logishrd
2011-12-01 16:44 - 2007-11-20 14:37 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2011-12-01 16:44 - 2007-11-20 14:37 - 0000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2011-12-01 16:44 - 2007-11-20 14:37 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-01 16:44 - 2007-11-20 14:36 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2011-12-01 16:44 - 2007-11-20 06:27 - 0000159 ____A C:\Windows\wiadebug.log
2011-12-01 16:44 - 2007-11-20 06:27 - 0000049 ____A C:\Windows\wiaservc.log
2011-12-01 16:42 - 2007-11-20 14:37 - 0000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2011-12-01 16:22 - 2010-07-09 11:32 - 0000000 __SHD C:\Windows\CSC
2011-12-01 16:22 - 2007-11-20 06:17 - 0000000 ____D C:\Windows\System32\usmt
2011-12-01 15:26 - 2011-12-01 15:26 - 0000684 ____A C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
2011-12-01 15:24 - 2008-05-21 12:22 - 0000202 ____A C:\Windows\NeroDigital.ini
2011-12-01 15:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At32.job
2011-12-01 15:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At31.job
2011-12-01 14:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At30.job
2011-12-01 14:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At29.job
2011-12-01 13:41 - 2009-09-30 10:17 - 0000000 ____D C:\Windows\System32\NtmsData
2011-12-01 13:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At28.job
2011-12-01 13:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At27.job
2011-12-01 12:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At26.job
2011-12-01 12:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At25.job
2011-12-01 11:42 - 2007-11-20 14:29 - 0000000 ____D C:\Windows\Registration
2011-12-01 11:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At24.job
2011-12-01 11:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At23.job
2011-12-01 10:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At22.job
2011-12-01 10:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At21.job
2011-12-01 09:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At20.job
2011-12-01 09:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At19.job
2011-12-01 08:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At18.job
2011-12-01 08:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At17.job
2011-12-01 07:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At16.job
2011-12-01 07:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At15.job
2011-12-01 06:54 - 2007-11-20 06:22 - 0000445 _RASH C:\boot.ini
2011-12-01 06:54 - 2004-08-04 05:00 - 0000535 ____A C:\Windows\win.ini
2011-12-01 06:54 - 2004-08-04 05:00 - 0000227 ____A C:\Windows\system.ini
2011-12-01 06:39 - 2008-11-20 12:27 - 3155712 ____A C:\Windows\ntbtlog.txt
2011-12-01 06:26 - 2011-11-22 18:52 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
2011-12-01 06:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At14.job
2011-12-01 06:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At13.job
2011-12-01 06:21 - 2011-12-01 06:21 - 1566512 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller(2).exe
2011-12-01 05:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At12.job
2011-12-01 05:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At11.job
2011-12-01 04:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At10.job
2011-12-01 04:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At9.job
2011-12-01 03:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At8.job
2011-12-01 03:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At7.job
2011-12-01 02:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At6.job
2011-12-01 02:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At5.job
2011-11-30 16:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At34.job
2011-11-30 16:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At33.job
2011-11-30 13:14 - 2008-05-20 09:41 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2011-11-29 19:50 - 2007-11-20 14:37 - 0000000 ___RD C:\Documents and Settings\Administrator\My Documents
2011-11-29 16:49 - 2011-11-29 16:49 - 0000000 RASHD C:\cmdcons
2011-11-29 16:41 - 2011-11-29 16:41 - 0000000 ____D C:\Windows\ERDNT
2011-11-29 16:41 - 2011-11-29 16:34 - 0000000 ____D C:\Qoobox
2011-11-29 15:13 - 2009-12-31 12:04 - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2011-11-29 08:21 - 2008-05-20 11:44 - 0000000 ____D C:\Program Files\Lx_cats
2011-11-28 15:28 - 2008-05-16 13:23 - 0000000 ____D C:\Program Files\eMedia Guitar Basics
2011-11-28 06:32 - 2011-11-28 06:32 - 0000759 ____A C:\Documents and Settings\Administrator\Desktop\Shortcut to avira_free_antivirus_en.exe.lnk
2011-11-27 19:05 - 2010-08-10 09:01 - 0001324 ____A C:\Windows\System32\d3d9caps.dat
2011-11-27 17:01 - 2010-11-25 12:02 - 0374273 ____A C:\Windows\setupapi.log
2011-11-27 17:00 - 2009-01-10 01:40 - 0009719 ____A C:\Windows\setupact.log
2011-11-26 15:26 - 2006-06-25 23:45 - 0108703 ____A C:\hpfr3840.log
2011-11-23 16:03 - 2008-06-15 15:56 - 0000000 ____D C:\Config.Msi
2011-11-22 21:01 - 2007-11-20 06:17 - 0000000 ____D C:\Windows\repair
2011-11-22 19:50 - 2011-11-22 19:50 - 0000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-22 19:01 - 2011-11-22 19:01 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\Avira
2011-11-22 18:59 - 2011-11-22 18:59 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\AskToolbar
2011-11-22 18:54 - 2011-11-22 18:50 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2011-11-22 18:53 - 2011-11-22 18:52 - 0000000 ____D C:\Program Files\Ask.com
2011-11-22 18:50 - 2011-11-22 18:50 - 0000000 ____D C:\Program Files\Avira
2011-11-22 12:37 - 2007-11-20 14:30 - 0000000 ____D C:\Windows\srchasst
2011-11-21 17:54 - 2011-11-21 17:54 - 0001542 ____A C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
2011-11-21 17:54 - 2011-11-21 17:54 - 0000784 ____A C:\Documents and Settings\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-21 17:45 - 2011-11-21 17:45 - 0000000 __SHD C:\Documents and Settings\NetworkService\PrivacIE
2011-11-21 17:42 - 2011-11-21 17:42 - 0001620 ____A C:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
2011-11-21 17:26 - 2011-11-21 17:26 - 0004752 ____A C:\Windows\System32\PerfStringBackup.TMP
2011-11-21 17:12 - 2008-12-26 05:34 - 0000000 __HDC C:\Windows\$NtUninstallKB957097_0$
2011-11-21 16:15 - 2007-11-20 14:37 - 0000000 __SHD C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2011-11-21 16:14 - 2007-11-20 14:37 - 0000000 __SHD C:\Documents and Settings\Administrator\Local Settings\History
2011-11-21 15:09 - 2007-11-20 06:24 - 0000000 ___RD C:\Documents and Settings\All Users\Start Menu
2011-11-21 15:08 - 2011-11-21 15:08 - 0000000 ____A C:\Windows\System32\cbvyp607.com.b
2011-11-21 15:08 - 2011-11-21 15:06 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\rmQCmGT.dat
2011-11-21 11:10 - 2011-11-21 11:10 - 0100702 ____A C:\Windows\System32\itusbcore.dat
2011-11-21 11:10 - 2011-11-21 11:10 - 0000196 ____A C:\Windows\System32\itlsvc.dat
2011-11-21 11:10 - 2011-11-21 11:10 - 0000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2011-11-20 18:45 - 2010-04-13 14:01 - 0000000 __HDC C:\Windows\$NtUninstallKB978601$
2011-11-20 16:55 - 2011-11-20 16:52 - 0047592 ____A C:\TDSSKiller.2.6.19.0_20.11.2011_16.52.11_log.txt
2011-11-20 16:05 - 2011-11-20 16:05 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2011-11-20 14:25 - 2011-11-29 16:49 - 0000328 ____A C:\Boot.bak
2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\yamH6W7fE9TqYIr
2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\XZ9hTXwUlBz0c
2011-11-20 14:09 - 2011-11-20 10:33 - 0000000 ____D C:\Program Files\581AA
2011-11-20 14:09 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\18F58
2011-11-20 14:09 - 2011-04-14 15:36 - 0000000 __HDC C:\Windows\$NtUninstallKB2412687$
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\sqhYCwkIVlNx0c2
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\ptzP0ycS1v3n4m6
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\EK8gRZqhYw
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\DJ6dEK8fR9YwUeO
2011-11-17 20:09 - 2011-11-17 20:04 - 0068824 ____A C:\Documents and Settings\Administrator\My Documents\mellow.mp3.sfk
2011-11-17 20:02 - 2011-11-17 20:02 - 0423488 ____A C:\Documents and Settings\Administrator\My Documents\clap track.wav
2011-11-17 13:57 - 2007-11-20 14:37 - 0000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2011-11-16 22:26 - 2011-11-16 22:24 - 0000000 ____D C:\Program Files\iTunes
2011-11-16 22:26 - 2011-11-16 22:24 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-16 22:24 - 2011-11-16 22:24 - 0000000 ____D C:\Program Files\iPod
2011-11-16 22:24 - 2008-05-15 17:00 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-11-16 22:17 - 2011-11-16 22:17 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
 
========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 29%
Total physical RAM: 2038.98 MB
Available physical RAM: 1438.23 MB
Total Pagefile: 3425.47 MB
Available Pagefile: 2936.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.97 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:301.67 GB) (Free:212.97 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 302 GB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 302 GB 32 KB
Partition 2 Unknown 8 MB 302 GB

Disk: 0
Partition 2
Type : 17
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
 
Yes, we have a case of a new TDL4 rootkit version.
This new version creates a small hidden partition on your hard drive and it operates from there.
We have to remove that partition and then resetting MBR should work.

===============================================================

Due to a limit of images I can post in my reply I created instructions for you here: http://www.smartestcomputing.us.com/topic/49349-tdl/
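The diagnosis above rests on the partition section of the posted log: an 8 MB partition of unknown type that is hidden, marked active, and has no volume. As an added example (not part of the original thread and not the scanning tool's own code), the Python below parses that section and flags partitions showing this combination; the function names and the 64 MB "small" threshold are assumptions.

```python
import re

# Partition section copied from the log posted earlier in this thread.
THREAD_LOG = """\
Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 302 GB 32 KB
Partition 2 Unknown 8 MB 302 GB

Disk: 0
Partition 2
Type : 17
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
"""

# Constructed contrast case: one ordinary partition and no detail block.
CLEAN_LOG = """\
Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 32 KB
"""

UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3, "TB": 1024**4}
SMALL_LIMIT = 64 * UNITS["MB"]  # assumption: "small" means at most 64 MB
TABLE_DISK = re.compile(r"^Partitions of Disk (\d+):$")
DETAIL_DISK = re.compile(r"^Disk: (\d+)$")
ROW = re.compile(r"^Partition (\d+) (.+?) ([\d.]+) (B|KB|MB|GB|TB) [\d.]+ (?:B|KB|MB|GB|TB)$")
DETAIL_HEAD = re.compile(r"^Partition (\d+)$")
FIELD = re.compile(r"^(Hidden|Active) ?: ?(Yes|No)$")


def parse_partitions(log_text):
    """Return {(disk, number): record} built from table rows and detail blocks."""
    parts, disk, current = {}, None, None

    def record(number):
        blank = {"type": None, "size": None, "hidden": False,
                 "active": False, "no_volume": False}
        return parts.setdefault((disk, number), blank)

    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse column padding to single spaces
        if m := (TABLE_DISK.match(line) or DETAIL_DISK.match(line)):
            disk, current = int(m.group(1)), None
        elif m := ROW.match(line):
            rec = record(int(m.group(1)))
            rec["type"] = m.group(2)
            rec["size"] = int(float(m.group(3)) * UNITS[m.group(4)])
            current = None
        elif m := DETAIL_HEAD.match(line):
            current = record(int(m.group(1)))  # detail block for this partition
        elif current is not None:
            if m := FIELD.match(line):
                current[m.group(1).lower()] = m.group(2) == "Yes"
            elif line.startswith("There is no volume associated"):
                current["no_volume"] = True
    return parts


def suspicious_partitions(log_text):
    """List (disk, number, reasons) for hidden + active partitions with no volume."""
    findings = []
    for (disk, number), part in parse_partitions(log_text).items():
        reasons = []
        if part["type"] == "Unknown":
            reasons.append("unknown type")
        if part["hidden"]:
            reasons.append("hidden")
        if part["active"]:
            reasons.append("active")
        if part["no_volume"]:
            reasons.append("no volume")
        if part["size"] is not None and part["size"] <= SMALL_LIMIT:
            reasons.append("small")
        # Hidden OEM or recovery partitions exist on clean machines, so a
        # partition is reported only when all three flags coincide.
        if part["hidden"] and part["active"] and part["no_volume"]:
            findings.append((disk, number, reasons))
    return findings
```

A hit from this check is a reason to look closer at the disk layout, not proof of infection on its own.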
 