TechSpot

Ping.exe google redirect

By bgrich2003
Nov 22, 2011
  1. I've recently caught a virus that takes up all my computer's resources, making it really slow.
    I opened up Task Manager, and it seems to be ping.exe that's causing it.
    It also creates other viruses that cause Google to get redirected every time I search, pop-ups, and installs a coupon searcher as well.
    I've removed viruses 3 times with Malwarebytes and Spybot, but it does not get to the root of the problem.
    I've also disabled Terminal Server Device Redirector in my Device Manager, which seems to help with my search getting redirected.

    Any help would be greatly appreciated.
    Thank you,
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    Here is my Avira scan; the MBAM scan came up clean.

    Avira Free Antivirus
    Report file date: Wednesday, November 23, 2011 11:59

    Scanning for 3587539 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Safe mode
    Username : Administrator
    Computer name : GX270

    Version information:

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: default
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended

    Start of the scan: Wednesday, November 23, 2011 11:59

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '63' Module(s) have been scanned
    Scan process 'avcenter.exe' - '66' Module(s) have been scanned
    Scan process 'mbam.exe' - '49' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '92' Module(s) have been scanned
    Scan process 'svchost.exe' - '67' Module(s) have been scanned
    Scan process 'svchost.exe' - '31' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'lsass.exe' - '48' Module(s) have been scanned
    Scan process 'services.exe' - '27' Module(s) have been scanned
    Scan process 'winlogon.exe' - '59' Module(s) have been scanned
    Scan process 'csrss.exe' - '12' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting to scan executable files (registry).
    The registry was scanned ( '1384' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\Administrator\My Documents\Downloads\PicMorph.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\setup.exe
    [0] Archive type: Inno Setup
    --> {tmp}\kls.exe
    [DETECTION] Contains virus patterns of Adware ADWARE/Agent.Zugo.274
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\blinded by sun instrumental.wma
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Chris Tomlin - Jesus Messiah .mp3
    [DETECTION] Is the TR/Dldr.WMA.Wima.24 Trojan
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\joise blink 182.wma
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\klaxons its not over yet live.wma
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\lost in stereo suave suarez.wma
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\matt kearney closer to love.mp3
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\news boys strong.wma
    [DETECTION] Contains recognition pattern of the EXP/MediaPlaye.3186 exploit
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\superheroes alex y fido.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SY2ZULMJ\guestplaym21m[1].php
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XJPLANJC\guestplaym21m[1].php
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XJPLANJC\guestplaym21m[2].php
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    C:\WINDOWS\system32\drivers\serial.sys
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan

    Beginning disinfection:
    C:\WINDOWS\system32\drivers\serial.sys
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4d6ffea8.qua'.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XJPLANJC\guestplaym21m[2].php
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to the quarantine directory under the name '55f5d0f8.qua'.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XJPLANJC\guestplaym21m[1].php
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to the quarantine directory under the name '07aa8a10.qua'.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SY2ZULMJ\guestplaym21m[1].php
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to the quarantine directory under the name '619dc5d2.qua'.
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\superheroes alex y fido.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE] The file was moved to the quarantine directory under the name '2416e8ec.qua'.
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\news boys strong.wma
    [DETECTION] Contains recognition pattern of the EXP/MediaPlaye.3186 exploit
    [NOTE] The file was moved to the quarantine directory under the name '5b74db7c.qua'.
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\matt kearney closer to love.mp3
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    [NOTE] The file was moved to the quarantine directory under the name '17c9f732.qua'.
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\lost in stereo suave suarez.wma
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    [NOTE] The file was moved to the quarantine directory under the name '6bd0b691.qua'.
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\klaxons its not over yet live.wma
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    [NOTE] The file was moved to the quarantine directory under the name '46e499df.qua'.
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\joise blink 182.wma
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    [NOTE] The file was moved to the quarantine directory under the name '5f94a242.qua'.
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\Chris Tomlin - Jesus Messiah .mp3
    [DETECTION] Is the TR/Dldr.WMA.Wima.24 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '33c18e76.qua'.
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\blinded by sun instrumental.wma
    [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4271b7e7.qua'.
    C:\Documents and Settings\Administrator\My Documents\Downloads\setup.exe
    [DETECTION] Contains virus patterns of Adware ADWARE/Searchbar.a.57
    [NOTE] The file was moved to the quarantine directory under the name '4c1c8724.qua'.
    C:\Documents and Settings\Administrator\My Documents\Downloads\PicMorph.exe
    [DETECTION] Contains virus patterns of Adware ADWARE/Agent.Zugo.372
    [NOTE] The file was moved to the quarantine directory under the name '0944fe62.qua'.


    End of the scan: Wednesday, November 23, 2011 15:42
    Used time: 3:07:04 Hour(s)

    The scan has been done completely.

    19929 Scanned directories
    455742 Files were scanned
    15 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    14 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    455727 Files not concerned
    2779 Archives were scanned
    0 Warnings
    14 Notes
     
  4. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    Gmer log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-26 12:48:36
    Windows 5.1.2600 Service Pack 3
    Running: lgxncqgy.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdqpod.sys


    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB44295$\1431436788 0 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385 0 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\bckfg.tmp 840 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\cfg.ini 208 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\keywords 19 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\L\bbipsykz 64512 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\80000000.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\80000004.@ 12800 bytes
    File C:\WINDOWS\$NtUninstallKB44295$\2579379385\U\80000032.@ 97792 bytes

    ---- EOF - GMER 1.0.15 ----
     
  5. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    DDS.txt file

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Run by Administrator at 6:02:59 on 2011-11-27
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.989 [GMT -5:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\lxctcoms.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\Program Files\Zune\ZuneBusEnum.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    C:\Program Files\Avira\AntiVir Desktop\avscan.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp
    uSearch Page =
    uSearch Bar =
    uInternet Settings,ProxyOverride = <local>;*.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {09e49ab4-9487-4828-b892-1bec9ed1dde6} - No File
    BHO: {0ABC4A49-8AFB-41A9-B85A-477F525B4977} - No File
    BHO: {0b876028-b388-4f6d-922f-f52faec8535f} - No File
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {29828AD7-9913-4025-94D2-FE9F883AAE47} - No File
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {4A71593D-D384-4B9C-A141-2F52C12861D7} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {6a5cbe2b-23fd-4650-ad47-708c8d1eda4f} - No File
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO: {767CE9B1-669B-426A-9A1C-FE828C34C761} - No File
    BHO: {8439ECA6-690E-45B2-B631-D4B24508619A} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {989B7EE8-FA34-4C38-A008-838330F58AC3} - No File
    BHO: {9B1D52F0-7CC4-4E08-97F4-CC03751A4ED6} - No File
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - No File
    BHO: {A3E9D252-31FF-4600-AA7F-444897C0C576} - No File
    BHO: {a4cdae5a-190a-4f2d-9e9b-bf97da5624a5} - No File
    BHO: {bf657654-67f9-4679-86d4-a97016e7cfe5} - No File
    BHO: {c15e0d32-7cc8-4f7a-8718-0478add571ec} - No File
    BHO: {C3F0CFD6-550C-471A-A41D-5FFDC11A05A9} - No File
    BHO: {C7DBC153-9C02-435D-A8A8-E5E33C6D5BA0} - No File
    BHO: {d2abbf68-bc72-47f0-a814-7ad168636a6d} - No File
    BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
    BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: {D8BABF28-8B02-4D21-B61B-3174AE4B582C} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {DE329032-20CB-4523-A1CB-884BCD8C4D86} - No File
    BHO: {E2A079A6-04CB-4A1C-BFEB-BB2172FC9639} - No File
    BHO: {e7017c0f-b48c-42a0-8c5a-cf7fc4de5fe1} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {eaa5d703-c901-4896-8b19-0f30779526e6} - No File
    BHO: {ef3b9c0c-cd48-4cc0-aa60-ba8b2681c260} - No File
    BHO: {efc75fe9-e202-4f2d-922e-1c65f3ddd4b5} - No File
    BHO: {FAC9B062-4ED7-4D96-BDE9-39949204EB20} - No File
    BHO: {FBEA68B9-E472-4F00-AF53-A21F29129893} - No File
    BHO: {FCE3AF62-FDAA-4270-8D03-D8924DF20F18} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - No File
    TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
    EB: {727b755f-9a4c-287b-0dd0-78b52d2b6829} - Search panel
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
    mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
    mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
    mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    LSP: mswsock.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209161615513
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209161740763
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
    TCP: Interfaces\{465A2A28-8155-40F8-B13E-4D532274EFC7} : DhcpNameServer = 208.59.247.45 208.59.247.46
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnnmNEX
    LSA: Notification Packages = scecli c:\windows\system32\kozewepu.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\o4qapmf6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-22 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-22 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-22 110032]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-11-22 463824]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-22 74640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-16 22216]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-16 366152]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
    .
    =============== Created Last 30 ================
    .
    2011-11-23 00:13:38 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
    2011-11-23 00:01:07 -------- d-----w- c:\documents and settings\administrator\application data\Avira
    2011-11-22 23:59:30 -------- d-----w- c:\documents and settings\administrator\application data\AskToolbar
    2011-11-22 23:52:20 -------- d-----w- c:\program files\Ask.com
    2011-11-22 23:52:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AskToolbar
    2011-11-22 23:50:37 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-11-22 23:50:37 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-11-22 23:50:35 -------- d-----w- c:\program files\Avira
    2011-11-22 23:50:35 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-11-21 22:26:52 4752 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-11-21 22:20:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-11-21 22:20:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-20 19:11:23 -------- d-----w- c:\documents and settings\administrator\application data\yamH6W7fE9TqYIr
    2011-11-20 19:11:22 -------- d-----w- c:\documents and settings\administrator\application data\XZ9hTXwUlBz0c
    2011-11-20 15:33:38 -------- d-----w- c:\program files\581AA
    2011-11-20 15:32:45 -------- d-----w- c:\documents and settings\administrator\application data\18F58
    2011-11-20 15:32:44 -------- d-----w- c:\program files\LP
    2011-11-20 15:32:39 -------- d-----w- c:\documents and settings\administrator\application data\ptzP0ycS1v3n4m6
    2011-11-20 15:32:39 -------- d-----w- c:\documents and settings\administrator\application data\DJ6dEK8fR9YwUeO
    2011-11-20 15:32:18 -------- d-----w- c:\documents and settings\administrator\application data\sqhYCwkIVlNx0c2
    2011-11-20 15:32:17 -------- d-----w- c:\documents and settings\administrator\application data\EK8gRZqhYw
    2011-11-17 03:24:30 -------- d-----w- c:\program files\iPod
    2011-11-17 03:24:25 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-11-17 03:24:24 -------- d-----w- c:\program files\iTunes
    2011-11-17 03:16:22 -------- d-----w- c:\program files\Bonjour
    2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpE0F9A.FOT
    2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpD2F9A.FOT
    2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpC5F9A.FOT
    2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpB7F9A.FOT
    .
    ==================== Find3M ====================
    .
    2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpC47A7.FOT
    2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpB77A7.FOT
    2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpAA7A7.FOT
    2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpA87A7.FOT
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpD9E08.FOT
    2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpBEE08.FOT
    2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpB0F08.FOT
    2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpA2F08.FOT
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    .
    ============= FINISH: 6:12:32.20 ===============
     
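Added example (not part of bgrich2003's posts or Broni's instructions): the "Created Last 30" section above is where a reviewer first notices the problem, because several folders created within a minute of each other on 11/20 have names that look machine-generated (yamH6W7fE9TqYIr, XZ9hTXwUlBz0c, 581AA, 18F58, ptzP0ycS1v3n4m6) while the folders around them have vendor names. The Python below is a triage helper that reads lines in the DDS listing format (assumed from the lines above to be `date time size attributes path`, with `--------` as the size of a directory) and flags directory names that are either a short hex blob or churn between upper case, lower case and digits far more often than a real word does. The sample lines are copied from the posted log; the thresholds (eight or more alphanumerics, 60% class changes) and the GUID allowlist are my own choices, not anything DDS or TechSpot defines.

```python
import re

# Sample lines copied from the "Created Last 30" section of the DDS log posted above.
DDS_SAMPLE = r"""
2011-11-22 23:52:20 -------- d-----w- c:\program files\Ask.com
2011-11-22 23:50:35 -------- d-----w- c:\program files\Avira
2011-11-20 19:11:23 -------- d-----w- c:\documents and settings\administrator\application data\yamH6W7fE9TqYIr
2011-11-20 19:11:22 -------- d-----w- c:\documents and settings\administrator\application data\XZ9hTXwUlBz0c
2011-11-20 15:33:38 -------- d-----w- c:\program files\581AA
2011-11-20 15:32:45 -------- d-----w- c:\documents and settings\administrator\application data\18F58
2011-11-20 15:32:44 -------- d-----w- c:\program files\LP
2011-11-20 15:32:39 -------- d-----w- c:\documents and settings\administrator\application data\ptzP0ycS1v3n4m6
2011-11-20 15:32:39 -------- d-----w- c:\documents and settings\administrator\application data\DJ6dEK8fR9YwUeO
2011-11-17 03:24:30 -------- d-----w- c:\program files\iPod
2011-11-17 03:24:25 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-17 03:16:22 -------- d-----w- c:\program files\Bonjour
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpE0F9A.FOT
"""

# Field layout assumed from the log: date, time, size (or dashes), attribute flags, path.
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d) (\S+) (\S+) (.+)$")
# Installer data folders named by GUID are common and are deliberately not flagged.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# 4-8 hex characters containing at least one digit, e.g. 581AA or 18F58.
HEX_BLOB_RE = re.compile(r"^(?=.*\d)[0-9A-Fa-f]{4,8}$")


def parse_dds_line(line):
    """Split one DDS file-listing line into its fields, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return {
        "date": date,
        "time": time,
        "is_dir": attrs.startswith("d"),
        "path": path,
        "name": path.rsplit("\\", 1)[-1],
    }


def char_class(c):
    """Bucket a character as digit, upper, lower or other."""
    if c.isdigit():
        return "d"
    if c.isupper():
        return "U"
    if c.islower():
        return "l"
    return "o"


def case_digit_churn(name):
    """Fraction of adjacent alphanumeric pairs whose class changes (words score low, random strings high)."""
    chars = [c for c in name if c.isalnum()]
    if len(chars) < 2:
        return 0.0
    changes = sum(1 for a, b in zip(chars, chars[1:]) if char_class(a) != char_class(b))
    return changes / (len(chars) - 1)


def looks_random(name, min_len=8, churn_threshold=0.6):
    """Return a reason string if the leaf name looks machine-generated, else None."""
    if GUID_RE.match(name):
        return None
    if HEX_BLOB_RE.match(name):
        return "short hex blob"
    alnum = [c for c in name if c.isalnum()]
    if len(alnum) >= min_len and case_digit_churn(name) >= churn_threshold:
        return "high case/digit churn ({:.2f})".format(case_digit_churn(name))
    return None


def flag_suspicious_dirs(dds_text):
    """Return (path, reason) for every directory in a DDS listing whose name looks random."""
    hits = []
    for line in dds_text.splitlines():
        rec = parse_dds_line(line)
        if rec and rec["is_dir"]:
            reason = looks_random(rec["name"])
            if reason:
                hits.append((rec["path"], reason))
    return hits


if __name__ == "__main__":
    for path, reason in flag_suspicious_dirs(DDS_SAMPLE):
        print("{:<30} {}".format(reason, path))
```

Running it against the sample prints the six random-looking folders and nothing else. The two-letter `c:\program files\LP` folder created in the same minute is not caught, and no rule this simple could catch it without drowning in false positives, which is why the output is a reading aid for the person reviewing the log rather than a verdict; creation-time clustering, as on 11/20 15:32, is the corroborating signal a reviewer still has to weigh by eye.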
  6. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/20/2007 2:35:48 PM
    System Uptime: 11/25/2011 3:25:30 PM (39 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0N6016
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 302 GiB total, 212.902 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\PNP0501\1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\PNP0501\1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP424: 8/29/2011 3:00:17 PM - Software Distribution Service 3.0
    RP425: 8/30/2011 3:00:17 PM - Software Distribution Service 3.0
    RP426: 8/30/2011 7:52:08 PM - Installed Safari
    RP427: 8/30/2011 8:08:08 PM - Removed Safari
    RP428: 8/30/2011 8:19:01 PM - Installed Windows Internet Explorer 8.
    RP429: 8/30/2011 8:20:14 PM - Software Distribution Service 3.0
    RP430: 8/31/2011 7:08:03 AM - Software Distribution Service 3.0
    RP431: 9/1/2011 7:13:23 AM - System Checkpoint
    RP432: 9/2/2011 11:31:08 AM - System Checkpoint
    RP433: 9/3/2011 12:25:39 PM - System Checkpoint
    RP434: 9/4/2011 1:29:58 PM - System Checkpoint
    RP435: 9/5/2011 1:34:46 PM - System Checkpoint
    RP436: 9/6/2011 4:20:19 PM - System Checkpoint
    RP437: 9/7/2011 2:59:32 AM - Software Distribution Service 3.0
    RP438: 9/8/2011 4:55:33 AM - System Checkpoint
    RP439: 9/9/2011 5:20:22 AM - System Checkpoint
    RP440: 9/10/2011 10:03:34 AM - System Checkpoint
    RP441: 9/11/2011 11:58:46 AM - System Checkpoint
    RP442: 9/12/2011 1:04:40 PM - System Checkpoint
    RP443: 9/13/2011 5:52:14 PM - System Checkpoint
    RP444: 9/14/2011 5:56:57 PM - System Checkpoint
    RP445: 9/15/2011 3:00:17 PM - Software Distribution Service 3.0
    RP446: 9/16/2011 3:32:57 PM - System Checkpoint
    RP447: 9/17/2011 4:56:00 PM - System Checkpoint
    RP448: 9/18/2011 11:49:37 PM - System Checkpoint
    RP449: 9/20/2011 2:31:07 AM - System Checkpoint
    RP450: 9/21/2011 2:57:09 AM - System Checkpoint
    RP451: 9/22/2011 3:48:29 AM - System Checkpoint
    RP452: 9/23/2011 11:09:12 AM - System Checkpoint
    RP453: 9/24/2011 11:35:49 AM - System Checkpoint
    RP454: 9/25/2011 2:03:50 PM - System Checkpoint
    RP455: 9/26/2011 2:14:15 PM - System Checkpoint
    RP456: 9/27/2011 4:36:32 PM - System Checkpoint
    RP457: 9/28/2011 8:05:18 PM - System Checkpoint
    RP458: 9/28/2011 9:01:11 PM - Software Distribution Service 3.0
    RP459: 9/29/2011 9:08:05 PM - System Checkpoint
    RP460: 9/30/2011 9:34:27 PM - System Checkpoint
    RP461: 10/1/2011 11:47:50 PM - System Checkpoint
    RP462: 10/3/2011 12:42:08 AM - System Checkpoint
    RP463: 10/4/2011 1:41:23 AM - System Checkpoint
    RP464: 10/5/2011 2:25:30 AM - System Checkpoint
    RP465: 10/6/2011 3:25:30 AM - System Checkpoint
    RP466: 10/7/2011 3:26:35 AM - System Checkpoint
    RP467: 10/8/2011 3:28:35 AM - System Checkpoint
    RP468: 10/9/2011 4:42:19 AM - System Checkpoint
    RP469: 10/10/2011 5:28:35 AM - System Checkpoint
    RP470: 10/11/2011 5:56:55 AM - System Checkpoint
    RP471: 10/12/2011 3:00:18 PM - Software Distribution Service 3.0
    RP472: 10/13/2011 5:32:08 PM - System Checkpoint
    RP473: 10/14/2011 6:10:21 PM - System Checkpoint
    RP474: 10/15/2011 6:27:33 PM - System Checkpoint
    RP475: 10/16/2011 6:51:58 PM - System Checkpoint
    RP476: 10/17/2011 9:11:11 PM - System Checkpoint
    RP477: 10/18/2011 9:51:58 PM - System Checkpoint
    RP478: 10/19/2011 10:18:53 PM - System Checkpoint
    RP479: 10/20/2011 11:18:53 PM - System Checkpoint
    RP480: 10/21/2011 11:35:15 PM - System Checkpoint
    RP481: 10/23/2011 10:41:09 AM - System Checkpoint
    RP482: 10/24/2011 4:31:00 PM - System Checkpoint
    RP483: 10/25/2011 4:39:14 PM - System Checkpoint
    RP484: 10/26/2011 4:58:19 PM - System Checkpoint
    RP485: 10/27/2011 5:37:33 PM - System Checkpoint
    RP486: 10/28/2011 6:17:02 PM - System Checkpoint
    RP487: 10/29/2011 7:33:45 PM - System Checkpoint
    RP488: 10/31/2011 12:21:02 AM - System Checkpoint
    RP489: 11/1/2011 12:41:21 AM - System Checkpoint
    RP490: 11/2/2011 1:41:21 AM - System Checkpoint
    RP491: 11/3/2011 10:53:39 AM - System Checkpoint
    RP492: 11/4/2011 10:58:43 AM - System Checkpoint
    RP493: 11/5/2011 11:21:51 AM - System Checkpoint
    RP494: 11/6/2011 12:01:06 PM - System Checkpoint
    RP495: 11/7/2011 12:01:44 PM - System Checkpoint
    RP496: 11/7/2011 3:00:21 PM - Software Distribution Service 3.0
    RP497: 11/8/2011 3:48:07 PM - System Checkpoint
    RP498: 11/9/2011 3:00:20 PM - Software Distribution Service 3.0
    RP499: 11/10/2011 3:17:43 PM - System Checkpoint
    RP500: 11/11/2011 3:00:17 PM - Software Distribution Service 3.0
    RP501: 11/12/2011 5:00:00 PM - System Checkpoint
    RP502: 11/13/2011 6:48:54 PM - System Checkpoint
    RP503: 11/15/2011 12:16:18 AM - System Checkpoint
    RP504: 11/16/2011 12:25:30 AM - System Checkpoint
    RP505: 11/17/2011 1:18:44 AM - System Checkpoint
    RP506: 11/18/2011 3:39:31 AM - System Checkpoint
    RP507: 11/19/2011 8:32:48 AM - System Checkpoint
    RP508: 11/20/2011 9:05:37 AM - System Checkpoint
    RP509: 11/21/2011 12:17:15 PM - System Checkpoint
    RP510: 11/21/2011 5:19:59 PM - Restore Operation
    RP511: 11/22/2011 4:19:04 PM - Software Distribution Service 3.0
    RP512: 11/23/2011 3:48:13 PM - Software Distribution Service 3.0
    RP513: 11/24/2011 4:05:38 PM - System Checkpoint
    RP514: 11/25/2011 4:06:41 PM - System Checkpoint
    RP515: 11/26/2011 4:45:48 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ASIO4ALL
    Ask Toolbar
    Avira Free Antivirus
    Bing Bar Platform
    BitTorrent
    Bonjour
    CameraHelperMsi
    CCScore
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Setup
    DNA
    eMedia Guitar Basics
    erLT
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    EZface ActiveX 210
    Facebook Plug-In
    fflink
    GIMP 2.6.6
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 3840
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Connections Drivers
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 4
    Lexmark 5400 Series
    Lexmark Toolbar
    Logitech Vid HD
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    magicJack
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WinUsb 1.0
    Move Media Player
    Mozilla Firefox (3.6.23)
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Nero Suite
    netbrdg
    NewzToolz v2.0.2
    OfotoXMI
    OpenOffice.org 2.4
    Paint.NET v3.5.8
    PartitionMagic
    PowerDVD
    PowerQuest PartitionMagic 8.0
    QuickTime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Sonic Foundry ACID 4.0
    Sony USB Driver
    SoundMAX
    Spybot - Search & Destroy
    staticcr
    TinyWord 2.9.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB Midisport Uno 1.0.1.0
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 0.9.6
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Mobile Device Updater Component
    Windows Movie Maker 2.0
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WIRELESS
    XML Paper Specification Shared Components Pack 1.0
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/26/2011 9:23:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
    11/26/2011 9:23:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
    11/26/2011 8:23:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
    11/26/2011 8:23:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
    11/26/2011 7:23:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
    11/26/2011 7:23:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
    11/26/2011 3:23:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
    11/26/2011 3:23:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
    11/26/2011 2:23:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
    11/26/2011 2:23:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
    11/26/2011 12:23:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
    11/26/2011 12:23:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
    11/26/2011 11:23:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
    11/26/2011 11:23:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
    11/26/2011 1:23:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
    11/26/2011 1:23:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
    11/25/2011 9:23:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
    11/25/2011 8:23:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
    11/25/2011 8:23:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
    11/25/2011 7:23:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
    11/25/2011 7:23:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
    11/25/2011 6:23:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
    11/25/2011 6:23:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
    11/25/2011 5:23:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
    11/25/2011 4:23:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
    11/25/2011 4:23:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
    11/25/2011 3:23:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/25/2011 12:55:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv
    11/25/2011 10:23:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
    11/25/2011 10:23:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
    11/24/2011 6:23:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
    11/24/2011 6:23:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
    11/24/2011 5:23:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
    11/24/2011 5:23:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
    11/24/2011 4:23:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
    11/24/2011 4:23:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
    11/24/2011 3:23:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
    11/24/2011 3:23:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
    11/24/2011 2:23:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
    11/24/2011 2:23:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
    11/24/2011 12:23:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
    11/24/2011 12:23:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    11/24/2011 1:23:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
    11/24/2011 1:23:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
    11/23/2011 11:23:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
    11/23/2011 11:23:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
    11/23/2011 10:23:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
    11/23/2011 10:23:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
    11/22/2011 7:23:02 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: General access denied error
    11/22/2011 7:23:02 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: General access denied error
    11/21/2011 9:23:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
    11/21/2011 7:14:53 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    11/21/2011 6:56:35 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    11/21/2011 5:47:40 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/21/2011 5:47:32 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    11/21/2011 5:23:01 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
    11/21/2011 5:22:46 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
    11/21/2011 5:22:46 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the path specified.
    11/21/2011 5:22:21 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'serial.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/21/2011 5:20:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel USB3 Device Service service to connect.
    11/21/2011 5:20:11 PM, error: Service Control Manager [7000] - The Intel USB3 Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/21/2011 5:20:00 PM, error: Service Control Manager [7023] - The Intel USB3 Device Service service terminated with the following error: The specified module could not be found.
    11/21/2011 5:14:50 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    11/21/2011 5:14:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    11/21/2011 5:14:50 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    11/21/2011 5:12:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/21/2011 4:11:17 PM, error: Dhcp [1002] - The IP address lease 64.121.151.176 for the Network Card with network address 000D56C21679 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    11/21/2011 3:46:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
    11/21/2011 3:16:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/21/2011 3:16:05 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/21/2011 3:03:27 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
    11/21/2011 11:27:39 PM, error: Service Control Manager [7022] - The DNS Client service hung on starting.
    11/20/2011 2:27:19 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    11/20/2011 2:13:46 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  7. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    I posted all the things asked of me.

    Everything is posted. I'm still having a problem with popups that come up in Internet Explorer and consume a lot of resources under iexplore.exe in Processes. Any help would be greatly appreciated.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    I attempted to do what was asked

    I downloaded aswMBR; it does not run, even in safe mode.
     
  10. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    I downloaded ComboFix as well, and it started okay, but after a while it just freezes my computer. I waited over an hour and a half to see if it would finish, but it never did.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  12. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

    Size Device Name MBR Status
    --------------------------------------------
    301 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    Okay, I downloaded TDSSKiller, but it didn't give me the option to save to desktop. Then I tried opening it and it didn't start.
     
  15. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    Should I try it in safe mode?
     
  16. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    I tried it in safe mode; it didn't work. Then I tried it as soon as I started Windows, and it looked like it was about to go, then turned off. I did this a couple of times, and it gave me a message that a device I needed to run the program had been disabled.
     
  17. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    Okay I updated all my virus, malware, and spyware programs and ran them again.
    I ran spybot and immediately after the iexplore.exe popup was eliminated.
    Then I was able to run combofix.exe but it did not finish.
    So I will do it again and post the results.
    As far as my computer status the popups are gone, ping.exe is gone, and the google redirect problem is gone.
    Thank you for your help and I will post the combofix results as soon as it is finished.
    Just to make sure it's all gone, because I'd hate for it to come back; it's a real pain.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    We may be dealing here with the newest TDL rootkit.

    Let's see....

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  19. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
    Ran by Administrator at 2011-12-02 01:34:24
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Service Pack 3 (X86) OS Language: English(US)
    Attention: Could not load system hive.
    Error: The process cannot access the file because it is being used by another process.
    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell]

    ================================ Services (Whitelisted) ==================


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2011-12-01 17:32 - 2011-12-01 17:34 - 0000000 ___SD C:\ComboFix
    2011-12-01 15:26 - 2011-12-01 15:26 - 0000684 ____A C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
    2011-12-01 06:21 - 2011-12-01 06:21 - 1566512 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller(2).exe
    2011-11-29 16:49 - 2011-11-29 16:49 - 0000000 RASHD C:\cmdcons
    2011-11-29 16:49 - 2011-11-20 14:25 - 0000328 ____A C:\Boot.bak
    2011-11-29 16:49 - 2004-08-03 23:00 - 0260272 _RASH C:\cmldr
    2011-11-29 16:43 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
    2011-11-29 16:43 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
    2011-11-29 16:43 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2011-11-29 16:43 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2011-11-29 16:43 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2011-11-29 16:43 - 2000-08-30 19:00 - 0212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
    2011-11-29 16:43 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
    2011-11-29 16:43 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
    2011-11-29 16:43 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
    2011-11-29 16:41 - 2011-11-29 16:41 - 0000000 ____D C:\Windows\ERDNT
    2011-11-29 16:34 - 2011-11-29 16:41 - 0000000 ____D C:\Qoobox
    2011-11-28 06:32 - 2011-11-28 06:32 - 0000759 ____A C:\Documents and Settings\Administrator\Desktop\Shortcut to avira_free_antivirus_en.exe.lnk
    2011-11-22 19:50 - 2011-11-22 19:50 - 0000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    2011-11-22 19:13 - 2008-04-13 14:15 - 0064512 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\serial.sys
    2011-11-22 19:01 - 2011-11-22 19:01 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\Avira
    2011-11-22 18:59 - 2011-11-22 18:59 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\AskToolbar
    2011-11-22 18:53 - 2011-12-02 00:53 - 0000250 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
    2011-11-22 18:52 - 2011-12-01 06:26 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
    2011-11-22 18:52 - 2011-11-22 18:53 - 0000000 ____D C:\Program Files\Ask.com
    2011-11-22 18:50 - 2011-11-22 18:54 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
    2011-11-22 18:50 - 2011-11-22 18:50 - 0000000 ____D C:\Program Files\Avira
    2011-11-22 18:50 - 2011-10-19 16:56 - 0134344 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
    2011-11-22 18:50 - 2011-10-19 16:56 - 0074640 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
    2011-11-22 18:50 - 2011-10-19 16:56 - 0036000 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
    2011-11-22 18:50 - 2010-06-17 15:14 - 0028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
    2011-11-21 17:54 - 2011-11-21 17:54 - 0001542 ____A C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
    2011-11-21 17:54 - 2011-11-21 17:54 - 0000784 ____A C:\Documents and Settings\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-11-21 17:45 - 2011-11-21 17:45 - 0000000 __SHD C:\Documents and Settings\NetworkService\PrivacIE
    2011-11-21 17:42 - 2011-11-21 17:42 - 0001620 ____A C:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
    2011-11-21 17:26 - 2011-11-21 17:26 - 0004752 ____A C:\Windows\System32\PerfStringBackup.TMP
    2011-11-21 15:08 - 2011-11-21 15:08 - 0000000 ____A C:\Windows\System32\cbvyp607.com.b
    2011-11-21 15:06 - 2011-12-02 01:23 - 0000352 ____A C:\Windows\Tasks\At4.job
    2011-11-21 15:06 - 2011-12-02 01:23 - 0000350 ____A C:\Windows\Tasks\At3.job
    2011-11-21 15:06 - 2011-12-02 00:23 - 0000352 ____A C:\Windows\Tasks\At2.job
    2011-11-21 15:06 - 2011-12-02 00:23 - 0000350 ____A C:\Windows\Tasks\At1.job
    2011-11-21 15:06 - 2011-12-01 23:23 - 0000352 ____A C:\Windows\Tasks\At48.job
    2011-11-21 15:06 - 2011-12-01 23:23 - 0000350 ____A C:\Windows\Tasks\At47.job
    2011-11-21 15:06 - 2011-12-01 22:23 - 0000352 ____A C:\Windows\Tasks\At46.job
    2011-11-21 15:06 - 2011-12-01 22:23 - 0000350 ____A C:\Windows\Tasks\At45.job
    2011-11-21 15:06 - 2011-12-01 21:23 - 0000352 ____A C:\Windows\Tasks\At44.job
    2011-11-21 15:06 - 2011-12-01 21:23 - 0000350 ____A C:\Windows\Tasks\At43.job
    2011-11-21 15:06 - 2011-12-01 20:23 - 0000352 ____A C:\Windows\Tasks\At42.job
    2011-11-21 15:06 - 2011-12-01 20:23 - 0000350 ____A C:\Windows\Tasks\At41.job
    2011-11-21 15:06 - 2011-12-01 19:23 - 0000352 ____A C:\Windows\Tasks\At40.job
    2011-11-21 15:06 - 2011-12-01 19:23 - 0000350 ____A C:\Windows\Tasks\At39.job
    2011-11-21 15:06 - 2011-12-01 18:23 - 0000352 ____A C:\Windows\Tasks\At38.job
    2011-11-21 15:06 - 2011-12-01 18:23 - 0000350 ____A C:\Windows\Tasks\At37.job
    2011-11-21 15:06 - 2011-12-01 17:23 - 0000352 ____A C:\Windows\Tasks\At36.job
    2011-11-21 15:06 - 2011-12-01 17:23 - 0000350 ____A C:\Windows\Tasks\At35.job
    2011-11-21 15:06 - 2011-12-01 15:23 - 0000352 ____A C:\Windows\Tasks\At32.job
    2011-11-21 15:06 - 2011-12-01 15:23 - 0000350 ____A C:\Windows\Tasks\At31.job
    2011-11-21 15:06 - 2011-12-01 14:23 - 0000352 ____A C:\Windows\Tasks\At30.job
    2011-11-21 15:06 - 2011-12-01 14:23 - 0000350 ____A C:\Windows\Tasks\At29.job
    2011-11-21 15:06 - 2011-12-01 13:23 - 0000352 ____A C:\Windows\Tasks\At28.job
    2011-11-21 15:06 - 2011-12-01 13:23 - 0000350 ____A C:\Windows\Tasks\At27.job
    2011-11-21 15:06 - 2011-12-01 12:23 - 0000352 ____A C:\Windows\Tasks\At26.job
    2011-11-21 15:06 - 2011-12-01 12:23 - 0000350 ____A C:\Windows\Tasks\At25.job
    2011-11-21 15:06 - 2011-12-01 11:23 - 0000352 ____A C:\Windows\Tasks\At24.job
    2011-11-21 15:06 - 2011-12-01 11:23 - 0000350 ____A C:\Windows\Tasks\At23.job
    2011-11-21 15:06 - 2011-12-01 10:23 - 0000352 ____A C:\Windows\Tasks\At22.job
    2011-11-21 15:06 - 2011-12-01 10:23 - 0000350 ____A C:\Windows\Tasks\At21.job
    2011-11-21 15:06 - 2011-12-01 09:23 - 0000352 ____A C:\Windows\Tasks\At20.job
    2011-11-21 15:06 - 2011-12-01 09:23 - 0000350 ____A C:\Windows\Tasks\At19.job
    2011-11-21 15:06 - 2011-12-01 08:23 - 0000352 ____A C:\Windows\Tasks\At18.job
    2011-11-21 15:06 - 2011-12-01 08:23 - 0000350 ____A C:\Windows\Tasks\At17.job
    2011-11-21 15:06 - 2011-12-01 07:23 - 0000352 ____A C:\Windows\Tasks\At16.job
    2011-11-21 15:06 - 2011-12-01 07:23 - 0000350 ____A C:\Windows\Tasks\At15.job
    2011-11-21 15:06 - 2011-12-01 06:23 - 0000352 ____A C:\Windows\Tasks\At14.job
    2011-11-21 15:06 - 2011-12-01 06:23 - 0000350 ____A C:\Windows\Tasks\At13.job
    2011-11-21 15:06 - 2011-12-01 05:23 - 0000352 ____A C:\Windows\Tasks\At12.job
    2011-11-21 15:06 - 2011-12-01 05:23 - 0000350 ____A C:\Windows\Tasks\At11.job
    2011-11-21 15:06 - 2011-12-01 04:23 - 0000352 ____A C:\Windows\Tasks\At10.job
    2011-11-21 15:06 - 2011-12-01 04:23 - 0000350 ____A C:\Windows\Tasks\At9.job
    2011-11-21 15:06 - 2011-12-01 03:23 - 0000352 ____A C:\Windows\Tasks\At8.job
    2011-11-21 15:06 - 2011-12-01 03:23 - 0000350 ____A C:\Windows\Tasks\At7.job
    2011-11-21 15:06 - 2011-12-01 02:23 - 0000352 ____A C:\Windows\Tasks\At6.job
    2011-11-21 15:06 - 2011-12-01 02:23 - 0000350 ____A C:\Windows\Tasks\At5.job
    2011-11-21 15:06 - 2011-11-30 16:23 - 0000352 ____A C:\Windows\Tasks\At34.job
    2011-11-21 15:06 - 2011-11-30 16:23 - 0000350 ____A C:\Windows\Tasks\At33.job
    2011-11-21 15:06 - 2011-11-21 15:08 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\rmQCmGT.dat
    2011-11-21 11:10 - 2011-11-21 11:10 - 0100702 ____A C:\Windows\System32\itusbcore.dat
    2011-11-21 11:10 - 2011-11-21 11:10 - 0000196 ____A C:\Windows\System32\itlsvc.dat
    2011-11-21 11:10 - 2011-11-21 11:10 - 0000000 __SHD C:\Documents and Settings\LocalService\IETldCache
    2011-11-20 16:52 - 2011-11-20 16:55 - 0047592 ____A C:\TDSSKiller.2.6.19.0_20.11.2011_16.52.11_log.txt
    2011-11-20 16:05 - 2011-11-20 16:05 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
    2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\yamH6W7fE9TqYIr
    2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\XZ9hTXwUlBz0c
    2011-11-20 10:33 - 2011-11-20 14:09 - 0000000 ____D C:\Program Files\581AA
    2011-11-20 10:32 - 2011-11-20 14:09 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\18F58
    2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\sqhYCwkIVlNx0c2
    2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\ptzP0ycS1v3n4m6
    2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\EK8gRZqhYw
    2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\DJ6dEK8fR9YwUeO
    2011-11-17 20:04 - 2011-11-17 20:09 - 0068824 ____A C:\Documents and Settings\Administrator\My Documents\mellow.mp3.sfk
    2011-11-17 20:02 - 2011-11-17 20:02 - 0423488 ____A C:\Documents and Settings\Administrator\My Documents\clap track.wav
    2011-11-16 22:24 - 2011-11-16 22:26 - 0000000 ____D C:\Program Files\iTunes
    2011-11-16 22:24 - 2011-11-16 22:26 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-11-16 22:24 - 2011-11-16 22:24 - 0000000 ____D C:\Program Files\iPod
    2011-11-16 22:17 - 2011-11-16 22:17 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
    2011-11-16 22:16 - 2011-11-16 22:16 - 0000000 ____D C:\Program Files\Bonjour
    2011-11-15 14:26 - 2011-11-16 13:53 - 0012272 ____A C:\Documents and Settings\Administrator\My Documents\artemis.odt
    2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpE0F9A.FOT
    2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpD2F9A.FOT
    2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpC5F9A.FOT
    2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpB7F9A.FOT
    2011-11-11 15:01 - 2011-11-11 15:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2641690$
    2011-11-11 01:43 - 2011-11-11 15:01 - 0013209 ____A C:\Windows\KB2641690.log
    2011-11-09 15:04 - 2011-11-09 15:04 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
    2011-11-08 20:28 - 2011-11-08 20:28 - 1411328 ____A C:\Documents and Settings\Administrator\My Documents\120 funky beat japo.wav
    2011-11-08 18:40 - 2011-11-09 15:04 - 0012342 ____A C:\Windows\KB2544893-v2.log
     
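    The FRST listing above shows the patterns a reviewer looks for on a box like this: 48 At<N>.job tasks created in the same minute, unsigned .dat/.com.b files dropped straight into System32, and Application Data folders with random mixed-case names. The script below is an added example for this thread, not code from the original posts or from Farbar's FRST: it parses lines in the FRST format and flags those three patterns over a sample constructed from the thread's own lines. The thresholds and the name heuristic are assumptions, so hits are leads for a reviewer, not verdicts.

```python
"""Triage of an FRST "Created Files and Folders" listing (added example, not FRST code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST entry: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S+) (?:\(([^)]*)\) )?(.+)$"
)
# AT-scheduler jobs are named At<N>.job; the thread shows 48 sharing one creation time.
AT_JOB_RE = re.compile(r"\\Windows\\Tasks\\At\d+\.job$", re.IGNORECASE)
# Assumed heuristic for generated names: 8+ alphanumerics mixing digits, lower and upper case.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8,}$")
# Files directly under System32 (no further sub-directory).
SYSTEM32_LEAF_RE = re.compile(r"\\Windows\\System32\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str               # e.g. ____A (file), ____D (directory), RASHD
    company: Optional[str]   # signer/company FRST prints in parentheses, if any
    path: str


def parse_frst(text: str) -> List[Entry]:
    """Parse every line in FRST entry format; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), int(m.group(3)),
                                 m.group(4), m.group(5), m.group(6)))
    return entries


def at_job_bursts(entries: List[Entry], threshold: int = 4) -> Dict[str, int]:
    """Creation timestamps at which at least `threshold` At<N>.job files appeared."""
    counts = Counter(e.created for e in entries if AT_JOB_RE.search(e.path))
    return {ts: n for ts, n in counts.items() if n >= threshold}


def unsigned_system32_data_files(entries: List[Entry]) -> List[str]:
    """Files directly under System32 with no company string and a .dat or .b suffix."""
    return [e.path for e in entries
            if e.company is None and "D" not in e.attrs
            and SYSTEM32_LEAF_RE.search(e.path)
            and e.path.lower().endswith((".dat", ".b"))]


def random_named_appdata_dirs(entries: List[Entry]) -> List[str]:
    """Directories under an Application Data folder whose leaf name looks generated."""
    hits = []
    for e in entries:
        if "D" not in e.attrs or "\\Application Data\\" not in e.path:
            continue
        if RANDOM_NAME_RE.match(e.path.rsplit("\\", 1)[-1]):
            hits.append(e.path)
    return hits


def triage(text: str) -> Dict[str, object]:
    """Run all three checks over an FRST listing and return the findings."""
    entries = parse_frst(text)
    return {
        "entries": len(entries),
        "at_job_bursts": at_job_bursts(entries),
        "system32_data_files": unsigned_system32_data_files(entries),
        "random_appdata_dirs": random_named_appdata_dirs(entries),
    }


# Constructed sample: lines taken from the thread's FRST log, plus benign entries
# (a signed Avira driver, iTunes, Apple's updater job) that must not fire.
SAMPLE_FRST = r"""
2011-11-22 18:50 - 2011-10-19 16:56 - 0134344 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2011-11-21 15:08 - 2011-11-21 15:08 - 0000000 ____A C:\Windows\System32\cbvyp607.com.b
2011-11-21 15:06 - 2011-12-02 01:23 - 0000352 ____A C:\Windows\Tasks\At4.job
2011-11-21 15:06 - 2011-12-02 01:23 - 0000350 ____A C:\Windows\Tasks\At3.job
2011-11-21 15:06 - 2011-12-02 00:23 - 0000352 ____A C:\Windows\Tasks\At2.job
2011-11-21 15:06 - 2011-12-02 00:23 - 0000350 ____A C:\Windows\Tasks\At1.job
2011-11-21 15:06 - 2011-11-21 15:08 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\rmQCmGT.dat
2011-11-21 11:10 - 2011-11-21 11:10 - 0100702 ____A C:\Windows\System32\itusbcore.dat
2011-11-21 11:10 - 2011-11-21 11:10 - 0000196 ____A C:\Windows\System32\itlsvc.dat
2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\yamH6W7fE9TqYIr
2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\EK8gRZqhYw
2011-11-16 22:24 - 2011-11-16 22:26 - 0000000 ____D C:\Program Files\iTunes
2011-11-29 15:13 - 2009-12-31 12:04 - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_FRST).items():
        print(f"{key}: {value}")
```

The same functions run unchanged over a full FRST.txt read from disk; the At<N>.job burst check is the one that would have fired loudest on this log, with 48 jobs at 2011-11-21 15:06.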
  20. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    ============ 3 Months Modified Files and Folders ===============

    2011-12-02 01:35 - 2011-12-02 01:34 - 0000000 ____D C:\FRST
    2011-12-02 01:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At4.job
    2011-12-02 01:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At3.job
    2011-12-02 00:53 - 2011-11-22 18:53 - 0000250 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
    2011-12-02 00:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At2.job
    2011-12-02 00:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At1.job
    2011-12-01 23:53 - 2007-11-20 14:37 - 0032618 ____A C:\Windows\SchedLgU.Txt
    2011-12-01 23:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At48.job
    2011-12-01 23:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At47.job
    2011-12-01 22:57 - 2008-05-15 16:22 - 0000000 ____D C:\Program Files\Mozilla Firefox
    2011-12-01 22:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At46.job
    2011-12-01 22:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At45.job
    2011-12-01 21:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At44.job
    2011-12-01 21:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At43.job
    2011-12-01 20:44 - 2007-11-20 14:31 - 1104746 ____A C:\Windows\WindowsUpdate.log
    2011-12-01 20:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At42.job
    2011-12-01 20:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At41.job
    2011-12-01 19:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At40.job
    2011-12-01 19:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At39.job
    2011-12-01 18:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At38.job
    2011-12-01 18:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At37.job
    2011-12-01 17:34 - 2011-12-01 17:32 - 0000000 ___SD C:\ComboFix
    2011-12-01 17:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At36.job
    2011-12-01 17:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At35.job
    2011-12-01 16:45 - 2004-08-04 05:00 - 0002206 ____A C:\Windows\System32\wpa.dbl
    2011-12-01 16:44 - 2010-11-24 09:41 - 0000000 ____D C:\Windows\System32\logishrd
    2011-12-01 16:44 - 2007-11-20 14:37 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2011-12-01 16:44 - 2007-11-20 14:37 - 0000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
    2011-12-01 16:44 - 2007-11-20 14:37 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2011-12-01 16:44 - 2007-11-20 14:36 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2011-12-01 16:44 - 2007-11-20 06:27 - 0000159 ____A C:\Windows\wiadebug.log
    2011-12-01 16:44 - 2007-11-20 06:27 - 0000049 ____A C:\Windows\wiaservc.log
    2011-12-01 16:42 - 2007-11-20 14:37 - 0000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2011-12-01 16:22 - 2010-07-09 11:32 - 0000000 __SHD C:\Windows\CSC
    2011-12-01 16:22 - 2007-11-20 06:17 - 0000000 ____D C:\Windows\System32\usmt
    2011-12-01 15:26 - 2011-12-01 15:26 - 0000684 ____A C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
    2011-12-01 15:24 - 2008-05-21 12:22 - 0000202 ____A C:\Windows\NeroDigital.ini
    2011-12-01 15:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At32.job
    2011-12-01 15:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At31.job
    2011-12-01 14:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At30.job
    2011-12-01 14:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At29.job
    2011-12-01 13:41 - 2009-09-30 10:17 - 0000000 ____D C:\Windows\System32\NtmsData
    2011-12-01 13:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At28.job
    2011-12-01 13:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At27.job
    2011-12-01 12:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At26.job
    2011-12-01 12:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At25.job
    2011-12-01 11:42 - 2007-11-20 14:29 - 0000000 ____D C:\Windows\Registration
    2011-12-01 11:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At24.job
    2011-12-01 11:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At23.job
    2011-12-01 10:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At22.job
    2011-12-01 10:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At21.job
    2011-12-01 09:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At20.job
    2011-12-01 09:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At19.job
    2011-12-01 08:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At18.job
    2011-12-01 08:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At17.job
    2011-12-01 07:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At16.job
    2011-12-01 07:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At15.job
    2011-12-01 06:54 - 2007-11-20 06:22 - 0000445 _RASH C:\boot.ini
    2011-12-01 06:54 - 2004-08-04 05:00 - 0000535 ____A C:\Windows\win.ini
    2011-12-01 06:54 - 2004-08-04 05:00 - 0000227 ____A C:\Windows\system.ini
    2011-12-01 06:39 - 2008-11-20 12:27 - 3155712 ____A C:\Windows\ntbtlog.txt
    2011-12-01 06:26 - 2011-11-22 18:52 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
    2011-12-01 06:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At14.job
    2011-12-01 06:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At13.job
    2011-12-01 06:21 - 2011-12-01 06:21 - 1566512 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller(2).exe
    2011-12-01 05:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At12.job
    2011-12-01 05:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At11.job
    2011-12-01 04:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At10.job
    2011-12-01 04:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At9.job
    2011-12-01 03:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At8.job
    2011-12-01 03:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At7.job
    2011-12-01 02:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At6.job
    2011-12-01 02:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At5.job
    2011-11-30 16:23 - 2011-11-21 15:06 - 0000352 ____A C:\Windows\Tasks\At34.job
    2011-11-30 16:23 - 2011-11-21 15:06 - 0000350 ____A C:\Windows\Tasks\At33.job
    2011-11-30 13:14 - 2008-05-20 09:41 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
    2011-11-29 19:50 - 2007-11-20 14:37 - 0000000 ___RD C:\Documents and Settings\Administrator\My Documents
    2011-11-29 16:49 - 2011-11-29 16:49 - 0000000 RASHD C:\cmdcons
    2011-11-29 16:41 - 2011-11-29 16:41 - 0000000 ____D C:\Windows\ERDNT
    2011-11-29 16:41 - 2011-11-29 16:34 - 0000000 ____D C:\Qoobox
    2011-11-29 15:13 - 2009-12-31 12:04 - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
    2011-11-29 08:21 - 2008-05-20 11:44 - 0000000 ____D C:\Program Files\Lx_cats
    2011-11-28 15:28 - 2008-05-16 13:23 - 0000000 ____D C:\Program Files\eMedia Guitar Basics
    2011-11-28 06:32 - 2011-11-28 06:32 - 0000759 ____A C:\Documents and Settings\Administrator\Desktop\Shortcut to avira_free_antivirus_en.exe.lnk
    2011-11-27 19:05 - 2010-08-10 09:01 - 0001324 ____A C:\Windows\System32\d3d9caps.dat
    2011-11-27 17:01 - 2010-11-25 12:02 - 0374273 ____A C:\Windows\setupapi.log
    2011-11-27 17:00 - 2009-01-10 01:40 - 0009719 ____A C:\Windows\setupact.log
    2011-11-26 15:26 - 2006-06-25 23:45 - 0108703 ____A C:\hpfr3840.log
    2011-11-23 16:03 - 2008-06-15 15:56 - 0000000 ____D C:\Config.Msi
    2011-11-22 21:01 - 2007-11-20 06:17 - 0000000 ____D C:\Windows\repair
    2011-11-22 19:50 - 2011-11-22 19:50 - 0000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    2011-11-22 19:01 - 2011-11-22 19:01 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\Avira
    2011-11-22 18:59 - 2011-11-22 18:59 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\AskToolbar
    2011-11-22 18:54 - 2011-11-22 18:50 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
    2011-11-22 18:53 - 2011-11-22 18:52 - 0000000 ____D C:\Program Files\Ask.com
    2011-11-22 18:50 - 2011-11-22 18:50 - 0000000 ____D C:\Program Files\Avira
    2011-11-22 12:37 - 2007-11-20 14:30 - 0000000 ____D C:\Windows\srchasst
    2011-11-21 17:54 - 2011-11-21 17:54 - 0001542 ____A C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
    2011-11-21 17:54 - 2011-11-21 17:54 - 0000784 ____A C:\Documents and Settings\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
    2011-11-21 17:45 - 2011-11-21 17:45 - 0000000 __SHD C:\Documents and Settings\NetworkService\PrivacIE
    2011-11-21 17:42 - 2011-11-21 17:42 - 0001620 ____A C:\Documents and Settings\Administrator\Desktop\Mozilla Firefox.lnk
    2011-11-21 17:26 - 2011-11-21 17:26 - 0004752 ____A C:\Windows\System32\PerfStringBackup.TMP
    2011-11-21 17:12 - 2008-12-26 05:34 - 0000000 __HDC C:\Windows\$NtUninstallKB957097_0$
    2011-11-21 16:15 - 2007-11-20 14:37 - 0000000 __SHD C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    2011-11-21 16:14 - 2007-11-20 14:37 - 0000000 __SHD C:\Documents and Settings\Administrator\Local Settings\History
    2011-11-21 15:09 - 2007-11-20 06:24 - 0000000 ___RD C:\Documents and Settings\All Users\Start Menu
    2011-11-21 15:08 - 2011-11-21 15:08 - 0000000 ____A C:\Windows\System32\cbvyp607.com.b
    2011-11-21 15:08 - 2011-11-21 15:06 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\rmQCmGT.dat
    2011-11-21 11:10 - 2011-11-21 11:10 - 0100702 ____A C:\Windows\System32\itusbcore.dat
    2011-11-21 11:10 - 2011-11-21 11:10 - 0000196 ____A C:\Windows\System32\itlsvc.dat
    2011-11-21 11:10 - 2011-11-21 11:10 - 0000000 __SHD C:\Documents and Settings\LocalService\IETldCache
    2011-11-20 18:45 - 2010-04-13 14:01 - 0000000 __HDC C:\Windows\$NtUninstallKB978601$
    2011-11-20 16:55 - 2011-11-20 16:52 - 0047592 ____A C:\TDSSKiller.2.6.19.0_20.11.2011_16.52.11_log.txt
    2011-11-20 16:05 - 2011-11-20 16:05 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
    2011-11-20 14:25 - 2011-11-29 16:49 - 0000328 ____A C:\Boot.bak
    2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\yamH6W7fE9TqYIr
    2011-11-20 14:11 - 2011-11-20 14:11 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\XZ9hTXwUlBz0c
    2011-11-20 14:09 - 2011-11-20 10:33 - 0000000 ____D C:\Program Files\581AA
    2011-11-20 14:09 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\18F58
    2011-11-20 14:09 - 2011-04-14 15:36 - 0000000 __HDC C:\Windows\$NtUninstallKB2412687$
    2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\sqhYCwkIVlNx0c2
    2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\ptzP0ycS1v3n4m6
    2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\EK8gRZqhYw
    2011-11-20 10:32 - 2011-11-20 10:32 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\DJ6dEK8fR9YwUeO
    2011-11-17 20:09 - 2011-11-17 20:04 - 0068824 ____A C:\Documents and Settings\Administrator\My Documents\mellow.mp3.sfk
    2011-11-17 20:02 - 2011-11-17 20:02 - 0423488 ____A C:\Documents and Settings\Administrator\My Documents\clap track.wav
    2011-11-17 13:57 - 2007-11-20 14:37 - 0000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
    2011-11-16 22:26 - 2011-11-16 22:24 - 0000000 ____D C:\Program Files\iTunes
    2011-11-16 22:26 - 2011-11-16 22:24 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-11-16 22:24 - 2011-11-16 22:24 - 0000000 ____D C:\Program Files\iPod
    2011-11-16 22:24 - 2008-05-15 17:00 - 0000000 ____D C:\Program Files\Common Files\Apple
    2011-11-16 22:17 - 2011-11-16 22:17 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
    2011-11-16 22:17 - 2007-11-20 14:40 - 0000000 ____D C:\Windows\System32\ReinstallBackups
    2011-11-16 22:16 - 2011-11-16 22:16 - 0000000 ____D C:\Program Files\Bonjour
    2011-11-16 13:53 - 2011-11-15 14:26 - 0012272 ____A C:\Documents and Settings\Administrator\My Documents\artemis.odt
    2011-11-14 20:40 - 2011-04-18 15:05 - 0117540 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 351.sfk
    2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpE0F9A.FOT
    2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpD2F9A.FOT
    2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpC5F9A.FOT
    2011-11-13 16:26 - 2011-11-13 16:26 - 0001409 ____A C:\Windows\System32\tmpB7F9A.FOT
    2011-11-11 15:01 - 2011-11-11 15:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2641690$
    2011-11-11 15:01 - 2011-11-11 01:43 - 0013209 ____A C:\Windows\KB2641690.log
    2011-11-11 15:01 - 2007-11-20 14:57 - 0304055 ____A C:\Windows\updspapi.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 2286254 ____A C:\Windows\FaxSetup.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 1149713 ____A C:\Windows\ocgen.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 1071526 ____A C:\Windows\tsoc.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0734684 ____A C:\Windows\comsetup.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0725444 ____A C:\Windows\msmqinst.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0591425 ____A C:\Windows\iis6.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0450600 ____A C:\Windows\ntdtcsetup.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0405060 ____A C:\Windows\netfxocm.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0161624 ____A C:\Windows\MedCtrOC.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0122516 ____A C:\Windows\ocmsn.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0116823 ____A C:\Windows\msgsocm.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0114654 ____A C:\Windows\tabletoc.log
    2011-11-11 15:01 - 2007-11-20 06:24 - 0001393 ____A C:\Windows\imsins.log
    2011-11-11 13:07 - 2010-01-02 11:07 - 0032020 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 177.sfk
    2011-11-11 13:07 - 2008-05-31 15:36 - 0066212 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 8.sfk
    2011-11-11 01:43 - 2007-11-20 14:33 - 0000000 ___HD C:\Windows\$hf_mig$
    2011-11-10 10:52 - 2007-11-20 14:29 - 0137121 ____A C:\Windows\wmsetup.log
    2011-11-09 15:04 - 2011-11-09 15:04 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
    2011-11-09 15:04 - 2011-11-08 18:40 - 0012342 ____A C:\Windows\KB2544893-v2.log
    2011-11-09 15:04 - 2007-11-20 06:24 - 0001374 ____A C:\Windows\imsins.BAK
    2011-11-09 15:00 - 2009-01-10 01:40 - 50295240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-11-09 14:34 - 2008-05-15 16:59 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
    2011-11-08 20:28 - 2011-11-08 20:28 - 1411328 ____A C:\Documents and Settings\Administrator\My Documents\120 funky beat japo.wav
    2011-11-07 09:34 - 2007-11-20 06:24 - 0535540 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-10-31 10:36 - 2008-04-25 17:50 - 0000000 __HDC C:\Windows\$NtUninstallKB924667$
    2011-10-30 09:02 - 2010-03-19 21:24 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
    2011-10-30 09:02 - 2010-03-19 21:23 - 0000000 ____A C:\Windows\System32\Drivers\logiflt.iad
    2011-10-21 19:45 - 2009-11-30 01:38 - 0001028 ____A C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
    2011-10-21 19:45 - 2009-11-30 01:23 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\mjusbsp
    2011-10-21 11:02 - 2011-10-21 10:55 - 0056132 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 474.sfk
    2011-10-21 10:55 - 2011-10-21 10:53 - 14358336 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 474.wav
    2011-10-19 16:56 - 2011-11-22 18:50 - 0134344 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
    2011-10-19 16:56 - 2011-11-22 18:50 - 0074640 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
    2011-10-19 16:56 - 2011-11-22 18:50 - 0036000 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
    2011-10-19 16:26 - 2011-10-19 16:21 - 0027700 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 468.sfk
    2011-10-19 16:23 - 2011-10-19 16:23 - 0031580 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 470.sfk
    2011-10-19 16:23 - 2011-10-19 16:22 - 8068470 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 470.wav
    2011-10-19 16:21 - 2011-10-19 16:21 - 7076526 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 468.wav
    2011-10-19 16:21 - 2011-10-19 16:16 - 0040536 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 467.sfk
    2011-10-19 16:16 - 2011-10-19 16:15 - 10361628 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 467.wav
    2011-10-19 16:15 - 2011-10-19 16:14 - 2379690 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 464.wav
    2011-10-19 14:16 - 2011-10-19 14:16 - 3462978 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 463.wav
    2011-10-19 14:16 - 2011-10-19 14:16 - 0044420 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 462.sfk
    2011-10-19 14:16 - 2011-10-19 14:16 - 0013588 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 463.sfk
    2011-10-19 14:16 - 2011-10-19 14:14 - 11355520 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 462.wav
    2011-10-19 14:16 - 2011-10-19 14:07 - 0036152 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 461.sfk
    2011-10-19 14:16 - 2011-10-19 13:42 - 0031152 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 457.sfk
    2011-10-19 14:07 - 2011-10-19 14:06 - 9238990 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 461.wav
    2011-10-19 14:07 - 2011-10-19 14:06 - 0028744 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 460.sfk
    2011-10-19 14:06 - 2011-10-19 14:05 - 7342804 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 460.wav
    2011-10-19 14:06 - 2011-10-19 13:47 - 0021080 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 459.sfk
    2011-10-19 13:47 - 2011-10-19 13:47 - 5380676 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 459.wav
    2011-10-19 13:42 - 2011-10-19 13:41 - 7959926 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 457.wav
    2011-10-19 13:40 - 2011-10-19 13:39 - 2203672 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 454.wav
    2011-10-19 12:58 - 2008-05-16 13:20 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\Sonic Foundry
    2011-10-18 14:51 - 2011-10-18 14:51 - 0010079 ____A C:\Documents and Settings\Administrator\My Documents\bibliography shopping.odt
    2011-10-16 21:14 - 2008-12-19 00:35 - 0118128 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 55.sfk
    2011-10-16 21:14 - 2008-12-19 00:27 - 0130272 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 53.sfk
    2011-10-16 21:14 - 2008-12-19 00:18 - 0118900 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 52.sfk
    2011-10-16 20:12 - 2008-05-31 18:45 - 0012900 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 15.sfk
    2011-10-16 19:18 - 2011-10-16 19:15 - 0030384 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 456.sfk
    2011-10-16 19:18 - 2011-10-16 19:13 - 0016256 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 455.sfk
    2011-10-16 19:15 - 2011-10-16 19:15 - 7762258 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 456.wav
    2011-10-16 19:13 - 2011-10-16 19:13 - 4146082 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 455.wav
    2011-10-16 19:10 - 2011-10-16 19:09 - 0948880 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 452.wav
    2011-10-16 09:12 - 2011-10-16 09:12 - 0001409 ____A C:\Windows\System32\tmpC47A7.FOT
    2011-10-16 09:12 - 2011-10-16 09:12 - 0001409 ____A C:\Windows\System32\tmpB77A7.FOT
    2011-10-16 09:12 - 2011-10-16 09:12 - 0001409 ____A C:\Windows\System32\tmpAA7A7.FOT
    2011-10-16 09:12 - 2011-10-16 09:12 - 0001409 ____A C:\Windows\System32\tmpA87A7.FOT
    2011-10-15 09:40 - 2009-01-16 20:20 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2011-10-13 14:21 - 2011-10-13 14:21 - 0015488 ____A C:\Documents and Settings\Administrator\My Documents\econhw6.odt
    2011-10-12 15:49 - 2008-04-25 17:59 - 0000000 ____D C:\Program Files\Microsoft Silverlight
    2011-10-12 15:49 - 2007-11-20 06:23 - 0123728 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-10-12 15:30 - 2008-04-25 17:41 - 0000000 ____D C:\Windows\Microsoft.NET
    2011-10-12 14:16 - 2011-10-12 14:16 - 0011128 ____A C:\Windows\KB2564958.log
    2011-10-12 14:16 - 2011-10-12 14:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2564958$
    2011-10-12 14:05 - 2011-10-12 11:35 - 0017627 ____A C:\Windows\KB2567053.log
    2011-10-12 14:04 - 2011-10-12 14:04 - 0011676 ____A C:\Windows\KB2592799.log
    2011-10-12 14:04 - 2011-10-12 14:04 - 0000000 __HDC C:\Windows\$NtUninstallKB2592799$
    2011-10-12 14:04 - 2011-10-12 14:04 - 0000000 __HDC C:\Windows\$NtUninstallKB2567053$
    2011-10-12 14:04 - 2011-10-12 14:01 - 0016095 ____A C:\Windows\KB2586448-IE8.log
    2011-10-12 14:03 - 2011-08-30 19:21 - 0000000 ____D C:\Windows\ie8updates
    2011-10-11 14:30 - 2011-10-11 13:26 - 0017511 ____A C:\Documents and Settings\Administrator\My Documents\adela.odt
    2011-10-10 09:22 - 2008-12-26 04:35 - 0692736 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcomm.dll
    2011-10-10 09:22 - 2007-11-20 14:30 - 0692736 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2011-10-04 17:20 - 2011-10-04 17:20 - 0015320 ____A C:\Documents and Settings\Administrator\My Documents\econhwelas.odt
    2011-10-03 03:35 - 2006-03-23 12:32 - 5971456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
    2011-10-03 03:35 - 2006-03-23 12:32 - 5971456 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-10-01 22:56 - 2008-05-21 11:21 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\BitTorrent
    2011-10-01 16:02 - 2011-10-01 16:02 - 0020862 ____A C:\Documents and Settings\Administrator\My Documents\econhwsect4&5.odt
    2011-10-01 14:57 - 2010-12-12 20:15 - 0016384 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-10-01 11:10 - 2011-10-01 11:07 - 0116764 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 450.sfk
    2011-10-01 11:07 - 2011-10-01 11:04 - 29876562 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 450.wav
    2011-09-30 14:02 - 2011-09-30 14:02 - 0016448 ____A C:\Documents and Settings\Administrator\My Documents\econhw4&5.odt
    2011-09-28 18:46 - 2011-09-28 18:40 - 0040632 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 473.sfk
    2011-09-28 18:46 - 2011-09-28 18:39 - 0041236 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 472.sfk
    2011-09-28 18:46 - 2011-09-28 18:33 - 0048384 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 469.sfk
    2011-09-28 18:46 - 2011-09-28 18:30 - 0036496 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 465.sfk
    2011-09-28 18:40 - 2011-09-28 18:39 - 10386662 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 473.wav
    2011-09-28 18:39 - 2011-09-28 18:38 - 10540998 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 472.wav
    2011-09-28 18:38 - 2011-09-28 18:38 - 0022200 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 471.sfk
    2011-09-28 18:38 - 2011-09-28 18:37 - 5667734 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 471.wav
    2011-09-28 18:33 - 2011-09-28 18:32 - 12369740 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 469.wav
    2011-09-28 18:30 - 2011-09-28 18:29 - 9328358 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 465.wav
    2011-09-28 16:23 - 2011-09-28 16:23 - 0044756 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 458.sfk
    2011-09-28 16:23 - 2011-09-28 16:22 - 11440992 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 458.wav
    2011-09-28 16:18 - 2011-09-28 16:10 - 0033732 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 453.sfk
    2011-09-28 16:10 - 2011-09-28 16:10 - 8619766 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 453.wav
    2011-09-28 02:06 - 2011-09-03 05:17 - 0599040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\crypt32.dll
    2011-09-28 02:06 - 2004-08-04 05:00 - 0599040 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2011-09-26 10:41 - 2007-10-09 13:03 - 0611328 ____A (Microsoft Corporation) C:\Windows\System32\uiautomationcore.dll
    2011-09-26 10:41 - 2004-08-04 05:00 - 0220160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\oleacc.dll
    2011-09-26 10:41 - 2004-08-04 05:00 - 0220160 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2011-09-26 10:41 - 2004-08-04 05:00 - 0020480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\oleaccrc.dll
    2011-09-26 10:41 - 2004-08-04 05:00 - 0020480 ____A (Microsoft Corporation) C:\Windows\System32\oleaccrc.dll
    2011-09-25 17:11 - 2011-09-25 17:05 - 0016764 ____A C:\Documents and Settings\Administrator\My Documents\inaugust.odt
    2011-09-25 15:11 - 2011-09-25 15:10 - 0079388 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 451.sfk
    2011-09-25 15:10 - 2011-09-25 15:08 - 20307176 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 451.wav
    2011-09-25 15:08 - 2011-09-25 15:07 - 0093080 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 449.sfk
    2011-09-25 15:07 - 2011-09-25 15:05 - 23812816 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 449.wav
    2011-09-25 15:01 - 2008-11-08 15:07 - 0010960 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 25.sfk
    2011-09-25 15:01 - 2008-10-19 10:43 - 0028740 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 24.sfk
    2011-09-24 12:28 - 2011-09-24 12:28 - 1881728 ____A C:\Documents and Settings\Administrator\My Documents\drum beat japo2.wav
    2011-09-24 12:27 - 2011-09-24 12:27 - 1881728 ____A C:\Documents and Settings\Administrator\My Documents\drum beat japo1.wav
    2011-09-22 20:54 - 2011-09-22 20:54 - 0015656 ____A C:\Documents and Settings\Administrator\My Documents\econhw3.odt
    2011-09-20 18:41 - 2011-09-20 18:41 - 0020643 ____A C:\Documents and Settings\Administrator\My Documents\econhw2.odt
    2011-09-19 14:38 - 2011-09-19 14:32 - 0024268 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 448.sfk
    2011-09-19 14:32 - 2011-09-19 14:31 - 6196830 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 448.wav
    2011-09-19 13:05 - 2011-09-18 16:59 - 0014917 ____A C:\Documents and Settings\Administrator\My Documents\stag.odt
    2011-09-18 14:58 - 2011-09-18 14:55 - 0073868 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 447.sfk
    2011-09-18 14:58 - 2011-09-18 14:53 - 0041224 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 445.sfk
    2011-09-18 14:55 - 2011-09-18 14:53 - 18894018 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 447.wav
    2011-09-18 14:53 - 2011-09-18 14:53 - 0020924 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 446.wav
    2011-09-18 14:53 - 2011-09-18 14:52 - 10537372 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 445.wav
    2011-09-18 14:53 - 2011-09-18 14:52 - 0010996 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 440.sfk
    2011-09-18 14:52 - 2011-09-18 14:51 - 2799558 ____A C:\Documents and Settings\Administrator\My Documents\Record Take 440.wav
    2011-09-17 14:31 - 2011-09-17 14:07 - 0018479 ____A C:\Documents and Settings\Administrator\My Documents\econhw.odt
    2011-09-15 14:04 - 2011-09-15 14:04 - 0000000 __HDC C:\Windows\$NtUninstallKB2616676$
    2011-09-15 14:04 - 2011-09-14 16:52 - 0013157 ____A C:\Windows\KB2616676.log
    2011-09-15 14:01 - 2011-09-15 14:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2570947$
    2011-09-15 14:01 - 2011-09-15 14:00 - 0007162 ____A C:\Windows\KB2570947.log
    2011-09-13 19:06 - 2011-09-11 18:38 - 0016948 ____A C:\Documents and Settings\Administrator\My Documents\sleepofreason.odt
    2011-09-13 14:13 - 2011-09-13 14:13 - 0000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
    2011-09-09 23:13 - 2011-09-09 23:13 - 0001409 ____A C:\Windows\System32\tmpD9E08.FOT
    2011-09-09 23:13 - 2011-09-09 23:13 - 0001409 ____A C:\Windows\System32\tmpBEE08.FOT
    2011-09-09 23:13 - 2011-09-09 23:13 - 0001409 ____A C:\Windows\System32\tmpB0F08.FOT
    2011-09-09 23:13 - 2011-09-09 23:13 - 0001409 ____A C:\Windows\System32\tmpA2F08.FOT
    2011-09-09 09:25 - 2009-10-09 17:53 - 0073216 ____A C:\Documents and Settings\Administrator\My Documents\resume newest.doc
    2011-09-07 17:16 - 2011-09-07 17:16 - 0018848 ___RA C:\Documents and Settings\Administrator\Desktop\HW--HOB1-2.docx
    2011-09-07 02:00 - 2011-09-07 02:00 - 0000000 __HDC C:\Windows\$NtUninstallKB2607712$
    2011-09-07 02:00 - 2011-09-06 17:17 - 0013204 ____A C:\Windows\KB2607712.log
    2011-09-06 08:20 - 2008-12-26 04:36 - 1858944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
    2011-09-06 08:20 - 2004-08-04 05:00 - 1858944 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
     
  21. bgrich2003

    bgrich2003 TS Rookie Topic Starter Posts: 16

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points (XP) =====================

    RP: -> 2010-07-08 18:19 - 028672 _restore{6BD8F06B-6B98-4156-9674-2393ED2A7F22}\RP4

    RP: -> 2010-07-08 13:13 - 028672 _restore{6BD8F06B-6B98-4156-9674-2393ED2A7F22}\RP3

    RP: -> 2010-07-08 12:53 - 028672 _restore{6BD8F06B-6B98-4156-9674-2393ED2A7F22}\RP2

    RP: -> 2010-07-08 10:41 - 024576 _restore{6BD8F06B-6B98-4156-9674-2393ED2A7F22}\RP1

    RP: -> 2011-12-01 19:05 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP520

    RP: -> 2011-11-30 15:00 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP519

    RP: -> 2011-11-29 15:56 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP518

    RP: -> 2011-11-28 15:01 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP517

    RP: -> 2011-11-27 17:44 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP516

    RP: -> 2011-11-26 16:45 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP515

    RP: -> 2011-11-25 16:06 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP514

    RP: -> 2011-11-24 16:05 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP513

    RP: -> 2011-11-23 15:48 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP512

    RP: -> 2011-11-22 16:19 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP511

    RP: -> 2011-11-21 17:19 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP510

    RP: -> 2011-11-21 12:17 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP509

    RP: -> 2011-11-20 09:05 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP508

    RP: -> 2011-11-19 08:32 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP507

    RP: -> 2011-11-18 03:39 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP506

    RP: -> 2011-11-17 01:18 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP505

    RP: -> 2011-11-16 00:25 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP504

    RP: -> 2011-11-15 00:16 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP503

    RP: -> 2011-11-13 18:48 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP502

    RP: -> 2011-11-12 17:00 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP501

    RP: -> 2011-11-11 15:00 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP500

    RP: -> 2011-11-10 15:17 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP499

    RP: -> 2011-11-09 15:00 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP498

    RP: -> 2011-11-08 15:48 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP497

    RP: -> 2011-11-07 15:00 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP496

    RP: -> 2011-11-07 12:01 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP495

    RP: -> 2011-11-06 12:01 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP494

    RP: -> 2011-11-05 10:21 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP493

    RP: -> 2011-11-04 09:58 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP492

    RP: -> 2011-11-03 09:53 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP491

    RP: -> 2011-11-02 00:41 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP490

    RP: -> 2011-10-31 23:41 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP489

    RP: -> 2011-10-30 23:21 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP488

    RP: -> 2011-10-29 18:33 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP487

    RP: -> 2011-10-28 17:17 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP486

    RP: -> 2011-10-27 16:37 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP485

    RP: -> 2011-10-26 15:58 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP484

    RP: -> 2011-10-25 15:39 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP483

    RP: -> 2011-10-24 15:31 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP482

    RP: -> 2011-10-23 09:41 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP481

    RP: -> 2011-10-21 22:35 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP480

    RP: -> 2011-10-20 22:18 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP479

    RP: -> 2011-10-19 21:18 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP478

    RP: -> 2011-10-18 20:51 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP477

    RP: -> 2011-10-17 20:11 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP476

    RP: -> 2011-10-16 17:51 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP475

    RP: -> 2011-10-15 17:27 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP474

    RP: -> 2011-10-14 17:10 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP473

    RP: -> 2011-10-13 16:32 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP472

    RP: -> 2011-10-12 14:00 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP471

    RP: -> 2011-10-11 04:56 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP470

    RP: -> 2011-10-10 04:28 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP469

    RP: -> 2011-10-09 03:42 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP468

    RP: -> 2011-10-08 02:28 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP467

    RP: -> 2011-10-07 02:26 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP466

    RP: -> 2011-10-06 02:25 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP465

    RP: -> 2011-10-05 01:25 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP464

    RP: -> 2011-10-04 00:41 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP463

    RP: -> 2011-10-02 23:42 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP462

    RP: -> 2011-10-01 22:47 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP461

    RP: -> 2011-09-30 20:34 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP460

    RP: -> 2011-09-29 20:08 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP459

    RP: -> 2011-09-28 20:01 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP458

    RP: -> 2011-09-28 19:05 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP457

    RP: -> 2011-09-27 15:36 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP456

    RP: -> 2011-09-26 13:14 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP455

    RP: -> 2011-09-25 13:03 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP454

    RP: -> 2011-09-24 10:35 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP453

    RP: -> 2011-09-23 10:09 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP452

    RP: -> 2011-09-22 02:48 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP451

    RP: -> 2011-09-21 01:57 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP450

    RP: -> 2011-09-20 01:31 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP449

    RP: -> 2011-09-18 22:49 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP448

    RP: -> 2011-09-17 15:55 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP447

    RP: -> 2011-09-16 14:32 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP446

    RP: -> 2011-09-15 14:00 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP445

    RP: -> 2011-09-14 16:56 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP444

    RP: -> 2011-09-13 16:52 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP443

    RP: -> 2011-09-12 12:04 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP442

    RP: -> 2011-09-11 10:58 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP441

    RP: -> 2011-09-10 09:03 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP440

    RP: -> 2011-09-09 04:20 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP439

    RP: -> 2011-09-08 03:55 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP438

    RP: -> 2011-09-07 01:59 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP437

    RP: -> 2011-09-06 15:20 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP436

    RP: -> 2011-09-05 12:34 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP435

    RP: -> 2011-09-04 12:29 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP434

    RP: -> 2011-09-03 11:25 - 028672 _restore{21E9EE8D-3FFB-4A5B-AC4A-9240B652D941}\RP433


    ========================= Memory info ======================

    Percentage of memory in use: 29%
    Total physical RAM: 2038.98 MB
    Available physical RAM: 1438.23 MB
    Total Pagefile: 3425.47 MB
    Available Pagefile: 2936.27 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1994.97 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:301.67 GB) (Free:212.97 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 302 GB 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 302 GB 32 KB
    Partition 2 Unknown 8 MB 302 GB

    Disk: 0
    Partition 2
    Type : 17
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Yes, we have a case of a new TDL4 rootkit version.
    This new version creates a small hidden partition on your hard drive and it operates from there.
    We have to remove that partition, and then resetting the MBR should work.

    ===============================================================

    Due to a limit of images I can post in my reply I created instructions for you here: http://www.smartestcomputing.us.com/topic/49349-tdl/
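    The check below is an added example; it is not part of this thread and not code from any of the tools used in it. It decodes a raw MBR partition table and flags the pattern Broni describes: a small partition of a hidden type that holds the active (boot) flag and sits after the end of the OS volume, which is what the diskpart block in the previous post shows (diskpart prints the MBR type byte in hex, so "Type : 17" there is 0x17, hidden NTFS/HPFS). The sample MBR is constructed to mirror that output; the 64 MiB size threshold, the scoring rule and the `\\.\PhysicalDrive0` device path are assumptions of this example, not anything stated in the thread.

```python
import struct
from dataclasses import dataclass

SECTOR = 512
MBR_SIGNATURE = 0xAA55
TABLE_OFFSET = 446          # four 16-byte entries at 446..509, signature at 510
MiB = 1024 * 1024

# Standard MBR type codes with the 0x10 "hidden" bit set on the usual FAT/NTFS
# types. diskpart prints this byte in hex, so "Type : 17" in the log is 0x17.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


@dataclass
class Partition:
    index: int        # 1-based table slot, as diskpart numbers partitions
    bootable: bool    # status byte 0x80 = active
    ptype: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR


def parse_mbr(mbr: bytes) -> list[Partition]:
    """Decode the four primary partition entries of a 512-byte MBR sector."""
    if len(mbr) < SECTOR or struct.unpack_from("<H", mbr, 510)[0] != MBR_SIGNATURE:
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack_from(
            "<B3BB3BII", mbr, TABLE_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue                      # empty slot
        parts.append(Partition(slot + 1, status == 0x80, ptype, lba, count))
    return parts


def find_suspicious(parts: list[Partition], max_size: int = 64 * MiB) -> dict[int, list[str]]:
    """Return {partition index: reasons} for entries matching the bootkit pattern:
    a small, hidden-type partition holding the active flag, placed after the
    largest (OS) partition. Threshold and scoring are this example's assumptions."""
    if not parts:
        return {}
    os_part = max(parts, key=lambda p: p.sectors)
    findings: dict[int, list[str]] = {}
    for p in parts:
        if p is os_part:
            continue
        reasons = []
        if p.bootable:
            reasons.append("holds the active (boot) flag instead of the OS partition")
        if p.ptype in HIDDEN_TYPES:
            reasons.append(f"hidden partition type 0x{p.ptype:02X}")
        if p.size_bytes <= max_size:
            reasons.append(f"only {p.size_bytes // MiB} MiB")
        if p.lba_start >= os_part.lba_end:
            reasons.append("appended after the end of the OS partition")
        # Require the active flag plus two supporting traits, so a legitimate
        # 100 MB System Reserved or OEM recovery partition is not flagged alone.
        if p.bootable and len(reasons) >= 3:
            findings[p.index] = reasons
    return findings


def build_mbr(entries: list[tuple[int, int, int, int]]) -> bytes:
    """Assemble a minimal MBR from (status, type, lba_start, sectors) tuples.
    CHS fields are zeroed; only the LBA fields matter here."""
    mbr = bytearray(SECTOR)
    for slot, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3BB3BII", mbr, TABLE_OFFSET + 16 * slot,
                         status, 0, 0, 0, ptype, 0, 0, 0, lba, count)
    struct.pack_into("<H", mbr, 510, MBR_SIGNATURE)
    return bytes(mbr)


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk (administrator rights on Windows; a path such
    as /dev/sda on Linux). Not called by the self-contained demo below."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


OS_SECTORS = 302 * 1024**3 // SECTOR    # the 302 GB NTFS volume from the log
# Constructed sample shaped like the diskpart output above: the OS partition has
# lost the active flag, and an 8 MB hidden (0x17) active partition follows it.
SAMPLE_MBR = build_mbr([
    (0x00, 0x07, 63, OS_SECTORS),
    (0x80, 0x17, 63 + OS_SECTORS, 8 * MiB // SECTOR),
])

if __name__ == "__main__":
    for idx, reasons in find_suspicious(parse_mbr(SAMPLE_MBR)).items():
        print(f"partition {idx}: " + "; ".join(reasons))
```

    One caveat when pointing this at a live disk: TDL-family rootkits filter disk I/O from inside the running system and can hand a clean-looking sector 0 to user-mode readers, so a negative result from within the infected Windows proves nothing. Read the disk from boot media or from another machine, which is also why the thread's cleanup relies on an offline partition and MBR fix rather than an in-OS scan.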
     
Topic Status:
Not open for further replies.
