
Hello all,

Weeks ago I started noticing that I was being redirected when surfing the net. Then suddenly I had the AV Security 2012 screen popup and I knew I was infected. I ran MBAM and my antivirus software and removed all infected files but since this I have been unable to connect to the internet. All other wireless devices in our house connect fine so I know it is not our internet. I did some troubleshooting with my internet support staff and they found my IP address begins with 169, which they stated is causing my connectivity issue. I have tried a system restore and the ipconfig /reset command but neither worked. If anyone has an idea of how to restore connectivity to the internet please let me know.

Thank you!!!


Thanks for taking this issue! Below is the log...

Farbar Service Scanner

Ran by Administrator (administrator) on 22-11-2011 at 21:39:12

Microsoft Windows XP Service Pack 3 (X86)

********************************************************

Service Check:

==============

File Check:

===========

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys

[2004-08-04 05:00] - [2011-08-17 06:49] - 0138496 ____A () E894B701D1D55AADC461CCE6E2907B5E

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:

==================

Localhost is accessible.

There is no connection to network.

Attempt to Google returned error: Google site is unreachable

Attempt to yahoo returend error: Yahoo site is unreachable

**** End of log ****


log below...

Farbar Service Scanner

Ran by Administrator (administrator) on 23-11-2011 at 06:32:16

Microsoft Windows XP Service Pack 3 (X86)

************************************************

================== Search: afd.sys ===================

C:\WINDOWS\system32\drivers\afd.sys

[2004-08-04 05:00] - [2011-08-17 06:49] - 0138496 ____A () E894B701D1D55AADC461CCE6E2907B5E

C:\WINDOWS\system32\dllcache\afd.sys

[2004-08-04 05:00] - [2011-08-17 06:49] - 0138496 ___AC (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys

[2008-10-16 07:43] - [2008-10-16 07:43] - 0138496 ____A (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys

[2011-11-05 11:12] - [2011-08-17 06:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys

[2011-11-05 11:12] - [2011-08-17 06:49] - 0138496 ____A (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\ServicePackFiles\i386\afd.sys

[2008-07-22 14:01] - [2008-04-13 23:49] - 0138112 ___AC (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB956803$\afd.sys

[2008-12-18 08:02] - [2008-04-13 23:49] - 0138112 ___AC (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys

[2011-10-11 22:32] - [2011-02-16 06:22] - 0138496 ____C (Microsoft Corporation) 355556D9E580915118CD7EF736653A89

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys

[2011-04-14 11:08] - [2008-08-14 03:04] - 0138496 ____C (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtUninstallKB2503665$\afd.sys

[2011-06-17 22:01] - [2008-10-16 07:43] - 0138496 ____C (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\$NtServicePackUninstall$\afd.sys

[2008-07-22 13:45] - [2004-08-04 05:00] - 0138496 ___AC (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys

[2008-12-18 07:52] - [2008-08-14 03:34] - 0138496 ___AC (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys

[2008-06-20 04:48] - [2008-06-20 04:48] - 0138496 ___AC (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

[2011-10-11 21:37] - [2011-08-17 06:41] - 0138496 ____A (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys

[2008-10-16 08:07] - [2008-10-16 08:07] - 0138496 ____A (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys

[2011-06-16 10:59] - [2011-02-16 06:25] - 0138496 ____A (Microsoft Corporation) 8D499B1276012EB907E7A9E0F4D8FDA4

====== End Of Search ======


Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


FCopy::
C:\WINDOWS\system32\dllcache\afd.sys | C:\WINDOWS\system32\drivers\afd.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

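The search log earlier in this thread shows why the FCopy script targets this file: the loaded drivers\afd.sys has an empty company field and an MD5 shared by no other copy on disk, while the dllcache copy matches the SP3GDR copy from the update download. The following Python script is an added example, not part of the original posts and not code from Farbar or ComboFix; it parses that listing format and reproduces the comparison. The function names and the ranking rule (vendor-labelled hash seen in the most locations, then newest modified date) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: four entries copied from the "Search: afd.sys" log in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\drivers\afd.sys
[2004-08-04 05:00] - [2011-08-17 06:49] - 0138496 ____A () E894B701D1D55AADC461CCE6E2907B5E
C:\WINDOWS\system32\dllcache\afd.sys
[2004-08-04 05:00] - [2011-08-17 06:49] - 0138496 ___AC (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys
[2011-11-05 11:12] - [2011-08-17 06:49] - 0138496 ____A (Microsoft Corporation) 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008-07-22 14:01] - [2008-04-13 23:49] - 0138112 ___AC (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD
"""

# Detail line: [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste has blank lines between every row
        m = DETAIL.match(line)
        if m and path:
            entries.append({
                "path": path,
                "modified": m["modified"],
                "size": int(m["size"]),
                "company": m["company"].strip(),
                "md5": m["md5"].upper(),
            })
            path = None
        elif PATH.match(line):
            path = line
    return entries


def triage(entries, active_path):
    """Compare the loaded file against every other copy in the listing.

    Assumed heuristic (not the tool's own logic): the active file is suspect
    if it carries no company name or its MD5 matches no other copy; the
    suggested replacement is the vendor-labelled hash found in the most
    locations, ties broken by the newest 'modified' timestamp.
    """
    active = next(
        (e for e in entries if e["path"].lower() == active_path.lower()), None
    )
    if active is None:
        raise ValueError("active path not present in listing")
    others = [e for e in entries if e is not active]

    reasons = []
    if not active["company"]:
        reasons.append("no company name in version info")
    if not any(e["md5"] == active["md5"] for e in others):
        reasons.append("MD5 matches no other copy on disk")

    by_md5 = defaultdict(list)
    for e in others:
        if e["company"]:  # ignore copies that also lack vendor metadata
            by_md5[e["md5"]].append(e)
    # Timestamps are YYYY-MM-DD HH:MM, so string order is chronological.
    ranked = sorted(
        by_md5.items(),
        key=lambda kv: (len(kv[1]), max(e["modified"] for e in kv[1])),
        reverse=True,
    )
    best_md5, best = ranked[0] if ranked else (None, [])
    return {
        "suspect": bool(reasons),
        "reasons": reasons,
        "replacement_md5": best_md5,
        "replacement_paths": [e["path"] for e in best],
    }


if __name__ == "__main__":
    result = triage(parse_search_log(SAMPLE), r"C:\WINDOWS\system32\drivers\afd.sys")
    for key, value in result.items():
        print(f"{key}: {value}")
```

A hash that agrees across several on-disk copies only shows internal consistency; the chosen replacement should still be checked against a vendor-published hash before it is copied into place.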

ComboFix log...

ComboFix 11-11-23.01 - Administrator 11/23/2011 12:18:40.10.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.699 [GMT -7:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {56C7CF68-344F-40AA-8ED8-22990AEC7AEC}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {B1E53AA1-B418-47D8-8693-F254A4207F0E}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {D7AD68D6-3590-41F2-9063-412DFEC86E73}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))

.

.

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\XTGN9zRBoEViSuA

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\v4tgnL3fI2dUs0T

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\PwscY0qxGzF9R8

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\iscYHqaY0a

2011-11-05 17:04 . 2011-11-05 17:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-26 04:22 . 2011-08-17 01:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 23:00 . 2011-04-16 13:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-05_21.29.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-23 04:19 . 2011-11-23 04:19 16384 c:\windows\Temp\Perflib_Perfdata_2a0.dat

+ 2004-08-04 12:00 . 2011-11-17 00:10 72454 c:\windows\system32\perfc009.dat

- 2011-06-20 15:06 . 2011-09-10 16:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2011-06-20 15:06 . 2011-11-18 03:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-02-24 07:55 . 2011-11-18 03:02 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2010-02-24 07:55 . 2011-09-10 16:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-11-16 04:29 . 2011-11-16 04:31 186096 c:\windows\system32\Restore\rstrlog.dat

+ 2004-08-04 12:00 . 2011-11-17 00:10 443042 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"wltrysvc"=2 (0x2)

"sp_rssrv"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"avg8wd"=2 (0x2)

"avg8emc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"46692:TCP"= 46692:TCP:Ares

"46692:UDP"= 46692:UDP:ares

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/15/2010 11:33 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/15/2010 11:33 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/15/2010 11:33 PM 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [8/16/2011 6:57 PM 233976]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/13/2010 9:59 AM 142592]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [8/16/2011 6:57 PM 337872]

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/2003 6:23 PM 59328]

S0 npnnl;npnnl; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [8/16/2011 6:57 PM 371472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-23 12:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4235610342-271663471-2262188678-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(924)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(2796)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-11-23 12:32:55

ComboFix-quarantined-files.txt 2011-11-23 19:32

ComboFix2.txt 2011-11-19 05:37

ComboFix3.txt 2011-11-05 21:39

ComboFix4.txt 2011-06-18 02:38

ComboFix5.txt 2011-11-23 19:17

.

Pre-Run: 12,355,272,704 bytes free

Post-Run: 12,340,236,288 bytes free

.

- - End Of File - - B2E004978DE93899284BDA7B0458059D


Elise, I did forget to include the FCopy part. Here is the new log. Thank you.

ComboFix 11-11-23.01 - Administrator 11/24/2011 8:56.11.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.661 [GMT -7:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {56C7CF68-344F-40AA-8ED8-22990AEC7AEC}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {B1E53AA1-B418-47D8-8693-F254A4207F0E}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {D7AD68D6-3590-41F2-9063-412DFEC86E73}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\afd.sys --> c:\windows\system32\drivers\afd.sys

.

((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))

.

.

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\XTGN9zRBoEViSuA

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\v4tgnL3fI2dUs0T

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\PwscY0qxGzF9R8

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\iscYHqaY0a

2011-11-05 17:04 . 2011-11-05 17:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-26 04:22 . 2011-08-17 01:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 23:00 . 2011-04-16 13:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-05_21.29.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-23 04:19 . 2011-11-23 04:19 16384 c:\windows\Temp\Perflib_Perfdata_2a0.dat

+ 2004-08-04 12:00 . 2011-11-17 00:10 72454 c:\windows\system32\perfc009.dat

+ 2011-06-20 15:06 . 2011-11-24 04:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2011-06-20 15:06 . 2011-09-10 16:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-02-24 07:55 . 2011-09-10 16:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-02-24 07:55 . 2011-11-24 04:19 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2011-06-20 15:06 . 2011-09-10 16:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2011-11-24 04:19 . 2011-11-24 04:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2011-11-16 04:29 . 2011-11-16 04:31 186096 c:\windows\system32\Restore\rstrlog.dat

+ 2004-08-04 12:00 . 2011-11-17 00:10 443042 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"wltrysvc"=2 (0x2)

"sp_rssrv"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"avg8wd"=2 (0x2)

"avg8emc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"46692:TCP"= 46692:TCP:Ares

"46692:UDP"= 46692:UDP:ares

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/15/2010 11:33 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/15/2010 11:33 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/15/2010 11:33 PM 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [8/16/2011 6:57 PM 233976]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/13/2010 9:59 AM 142592]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [8/16/2011 6:57 PM 337872]

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/2003 6:23 PM 59328]

S0 npnnl;npnnl; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [8/16/2011 6:57 PM 371472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-24 09:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4235610342-271663471-2262188678-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(924)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(3996)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-11-24 09:08:38

ComboFix-quarantined-files.txt 2011-11-24 16:08

ComboFix2.txt 2011-11-23 19:32

ComboFix3.txt 2011-11-19 05:37

ComboFix4.txt 2011-11-05 21:39

ComboFix5.txt 2011-11-24 15:54

.

Pre-Run: 12,316,856,320 bytes free

Post-Run: 12,297,768,960 bytes free

.

- - End Of File - - AC6B40ECA54470EDB0406689852BECC7


  • 2 weeks later...

Unfortunately this problem crept back up. The internet is no longer working all of a sudden and shows a limited connectivity status, similar to a few weeks ago. I did try performing the steps above but no luck. I do notice that when I open a browser the "XP Security 2012" quickly shows but then the no connectivity message appears. I have run full scans with MBAM and Combofix and neither finds any infections.

Any ideas?

Thank you.


In that case, please post me the latest ComboFix log. If you need help, please try to keep with this topic. If malware is only half cleaned, there is a chance it will return.

Please also run the following scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Below is the latest Combofix log. I had entered the "FCopy..." command via notepad when running.

ComboFix 11-12-05.01 - Administrator 12/06/2011 21:59:12.17.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.725 [GMT -7:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {56C7CF68-344F-40AA-8ED8-22990AEC7AEC}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {B1E53AA1-B418-47D8-8693-F254A4207F0E}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {D7AD68D6-3590-41F2-9063-412DFEC86E73}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\afd.sys --> c:\windows\system32\drivers\afd.sys

.

((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))

.

.

2011-12-05 14:22 . 2011-12-05 05:11 116224 ----a-w- c:\windows\system32\lfIQhO2.com_

2011-12-05 05:48 . 2011-12-05 05:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-12-05 05:47 . 2011-12-05 05:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert

2011-11-27 03:08 . 2003-08-26 08:04 385112 ------w- c:\windows\system32\ctjb3sp.dll

2011-11-27 03:08 . 2003-08-22 21:56 94208 ------w- c:\windows\system32\PdeSrv2p.dll

2011-11-27 03:08 . 2003-08-22 08:03 16384 ------w- c:\windows\system32\delljbsp.crl

2011-11-26 20:21 . 2011-11-26 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative

2011-11-26 19:20 . 2011-11-27 17:48 -------- d-----w- c:\program files\MUSICMATCH

2011-11-26 19:17 . 1999-06-25 17:55 149504 ----a-w- c:\windows\UNWISE.EXE

2011-11-26 16:52 . 2011-11-26 17:10 -------- d-----w- c:\program files\04481

2011-11-26 16:51 . 2011-11-26 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\knnOL3rfI2f

2011-11-26 16:51 . 2011-11-26 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\CcYH0axHqxG9R8E

2011-11-26 16:51 . 2011-11-26 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\ddvUJwsY1sY0xNz

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\XTGN9zRBoEViSuA

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\v4tgnL3fI2dUs0T

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\PwscY0qxGzF9R8

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\iscYHqaY0a

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-26 19:01 . 2011-08-17 01:57 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-11-25 20:05 . 2011-08-17 01:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2005-10-28 16:02 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-05_15.16.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-07 04:46 . 2011-12-07 04:46 16384 c:\windows\Temp\Perflib_Perfdata_2a4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"wltrysvc"=2 (0x2)

"sp_rssrv"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"avg8wd"=2 (0x2)

"avg8emc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"46692:TCP"= 46692:TCP:Ares

"46692:UDP"= 46692:UDP:ares

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/15/2010 11:33 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/15/2010 11:33 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/15/2010 11:33 PM 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [8/16/2011 6:57 PM 233976]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/13/2010 9:59 AM 142592]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [8/16/2011 6:57 PM 337872]

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/2003 6:23 PM 59328]

S0 npnnl;npnnl; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [8/16/2011 6:57 PM 371472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

.

2011-12-05 c:\windows\Tasks\At10.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At12.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At14.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At16.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-03 c:\windows\Tasks\At18.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At2.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At20.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At22.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At24.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At26.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At28.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At30.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At32.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At34.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-06 c:\windows\Tasks\At36.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-06 c:\windows\Tasks\At38.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At4.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-06 c:\windows\Tasks\At40.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-06 c:\windows\Tasks\At42.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-03 c:\windows\Tasks\At44.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At46.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At48.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At6.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-05 c:\windows\Tasks\At8.job

- c:\windows\system32\lfIQhO2.com_ [2011-12-05 05:11]

.

2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-06 22:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4235610342-271663471-2262188678-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(924)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'lsass.exe'(980)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

- - - - - - - > 'explorer.exe'(3684)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-06 22:11:58

ComboFix-quarantined-files.txt 2011-12-07 05:11

ComboFix2.txt 2011-12-06 04:14

ComboFix3.txt 2011-12-06 01:33

ComboFix4.txt 2011-12-05 15:25

ComboFix5.txt 2011-12-07 04:57

.

Pre-Run: 11,395,981,312 bytes free

Post-Run: 11,379,920,896 bytes free

.

- - End Of File - - 84888544E95C41443078421E90FB3208


Do you have an internet connection now (restart first)?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


AtJob::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


The internet was not connecting before, or after, this latest Combofix scan. Combofix log below...

ComboFix 11-12-05.01 - Administrator 12/09/2011 10:37:38.18.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.619 [GMT -7:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: PC Tools AntiVirus Free *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {56C7CF68-344F-40AA-8ED8-22990AEC7AEC}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {B1E53AA1-B418-47D8-8693-F254A4207F0E}

FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {D7AD68D6-3590-41F2-9063-412DFEC86E73}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\Tasks\At10.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At26.job

c:\windows\Tasks\At28.job

c:\windows\Tasks\At30.job

c:\windows\Tasks\At32.job

c:\windows\Tasks\At34.job

c:\windows\Tasks\At36.job

c:\windows\Tasks\At38.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At40.job

c:\windows\Tasks\At42.job

c:\windows\Tasks\At44.job

c:\windows\Tasks\At46.job

c:\windows\Tasks\At48.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At8.job

.

.

((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))

.

.

2011-12-07 05:25 . 2011-12-07 05:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert

2011-12-05 14:22 . 2011-12-05 05:11 116224 ----a-w- c:\windows\system32\lfIQhO2.com_

2011-12-05 05:48 . 2011-12-05 05:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-11-27 03:08 . 2003-08-26 08:04 385112 ------w- c:\windows\system32\ctjb3sp.dll

2011-11-27 03:08 . 2003-08-22 21:56 94208 ------w- c:\windows\system32\PdeSrv2p.dll

2011-11-27 03:08 . 2003-08-22 08:03 16384 ------w- c:\windows\system32\delljbsp.crl

2011-11-26 20:21 . 2011-11-26 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative

2011-11-26 19:20 . 2011-11-27 17:48 -------- d-----w- c:\program files\MUSICMATCH

2011-11-26 19:17 . 1999-06-25 17:55 149504 ----a-w- c:\windows\UNWISE.EXE

2011-11-26 16:52 . 2011-11-26 17:10 -------- d-----w- c:\program files\04481

2011-11-26 16:51 . 2011-11-26 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\knnOL3rfI2f

2011-11-26 16:51 . 2011-11-26 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\CcYH0axHqxG9R8E

2011-11-26 16:51 . 2011-11-26 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\ddvUJwsY1sY0xNz

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\XTGN9zRBoEViSuA

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\v4tgnL3fI2dUs0T

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\PwscY0qxGzF9R8

2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\iscYHqaY0a

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-26 19:01 . 2011-08-17 01:57 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-11-25 20:05 . 2011-08-17 01:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2005-10-28 16:02 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-05_15.16.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-09 17:32 . 2011-12-09 17:32 16384 c:\windows\Temp\Perflib_Perfdata_2ac.dat

+ 2011-11-16 04:29 . 2011-12-07 05:25 1607576 c:\windows\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"wltrysvc"=2 (0x2)

"sp_rssrv"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"avg8wd"=2 (0x2)

"avg8emc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"46692:TCP"= 46692:TCP:Ares

"46692:UDP"= 46692:UDP:ares

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/15/2010 11:33 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/15/2010 11:33 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/15/2010 11:33 PM 656320]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [8/16/2011 6:57 PM 233976]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/13/2010 9:59 AM 142592]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [8/16/2011 6:57 PM 337872]

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/2003 6:23 PM 59328]

S0 npnnl;npnnl; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 12:01 AM 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [8/16/2011 6:57 PM 371472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

.

2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:00]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-09 10:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4235610342-271663471-2262188678-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,5d,b5,d3,e0,66,ae,49,9e,4a,72,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(920)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'lsass.exe'(976)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

Completion time: 2011-12-09 10:53:46

ComboFix-quarantined-files.txt 2011-12-09 17:53

ComboFix2.txt 2011-12-07 05:11

ComboFix3.txt 2011-12-06 04:14

ComboFix4.txt 2011-12-06 01:33

ComboFix5.txt 2011-12-09 17:36

.

Pre-Run: 11,418,329,088 bytes free

Post-Run: 11,402,764,288 bytes free

.

- - End Of File - - 1D663431077F63C93691B9551786BA68


FSS log below...

Farbar Service Scanner

Ran by Administrator (administrator) on 09-12-2011 at 16:57:17

Microsoft Windows XP Service Pack 3 (X86)

********************************************************

Service Check:

==============

File Check:

===========

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:

==================

Localhost is accessible.

There is no connection to network.

Attempt to Google returned error: Google site is unreachable

Attempt to yahoo returend error: Yahoo site is unreachable

**** End of log ****


DDS LOG

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 18:44:22 on 2011-12-09

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.980 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [sansaDispatch] C:\Users\Administrator\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

uRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true

uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [FaxCenterServer] "C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe" /s

mRun: [bigDog305] C:\Windows\VM305_STI.EXE USB PC Camera VC305

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [jusched] C:\Windows\TEMP\kjghsad.exe

mRunOnce: [GrpConv] grpconv -o

dRun: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe

dRun: [jusched] C:\Windows\TEMP\kjghsad.exe

StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGATR~1.LNK - C:\Program Files (x86)\GigaTribe\gigatribe.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: %SYSTEMROOT%\system32\nvLsp.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: Interfaces\{2684F062-F0EB-4EF0-AA66-8D07FFC7383F} : NameServer = 192.168.1.1

TCP: Interfaces\{AFA0FA54-232B-4BA5-AB7B-E653A21760BB} : DhcpNameServer = 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB-X64: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File

TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [FaxCenterServer] "C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe" /s

mRun-x64: [bigDog305] C:\Windows\VM305_STI.EXE USB PC Camera VC305

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [jusched] C:\Windows\TEMP\kjghsad.exe

mRunOnce-x64: [GrpConv] grpconv -o

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 94.63.240.163 www.google.com

Hosts: 94.63.240.164 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cfed833&v=6.010.023.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 4

FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wv95sddo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

pref(dom.disable_open_during_load, false); FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

S2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2008-12-16 419448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe -service --> C:\Windows\system32\lxdicoms.exe -service [?]

S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdiserv.exe [2007-6-11 33712]

S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-6 2337144]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]

S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]

S3 rt61x64;Gigabyte RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]

S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-1-12 147048]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vvftav;vvftav;C:\Windows\system32\drivers\vvftav.sys --> C:\Windows\system32\drivers\vvftav.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 ZSMC0305;USB PC Camera VC305;C:\Windows\System32\drivers\usbVM305.sys [2009-6-18 392444]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2071-07-25 16:13:30 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-12-09 23:37:00 286720 ----a-w- C:\Users\Administrator\AppData\Local\xeg.exe

2011-12-09 02:47:53 -------- d-sh--w- C:\found.000


2011-11-11 09:30:57 -------- d-----w- C:\Windows\SysWow64\ZvD3onF4aHsJ

2011-11-11 09:29:55 -------- d-----w- C:\Windows\SysWow64\O22ooFFpmGsQ6E8

2011-11-11 09:28:59 -------- d-----w- C:\c99gTXqjYCkIrOt

2011-11-11 09:27:59 -------- d-----w- C:\Windows\SysWow64\KDD2obb4pm5sJdK

2011-11-11 09:26:59 -------- d-----w- C:\Windows\SysWow64\JffEL8gTZqYC

2011-11-11 09:25:58 -------- d-----w- C:\Windows\SysWow64\CbFF3pmG5QJ6W8R

2011-11-11 09:24:58 -------- d-----w- C:\Windows\SysWow64\vhhYXwwUVeOBz

2011-11-11 09:23:58 -------- d-----w- C:\Windows\SysWow64\lkkIIrrONtx0c2b

2011-11-11 09:22:58 -------- d-----w- C:\Windows\SysWow64\xQJJ6dEK8RZ9Tw

2011-11-11 09:21:58 -------- d-----w- C:\Windows\SysWow64\monnF4amHsWJdLg

2011-11-11 09:20:57 -------- d-----w- C:\Windows\SysWow64\G9gTTqqjCekVr

2011-11-11 09:19:57 -------- d-----w- C:\Windows\SysWow64\QH55sQJ7dK8gZhX

2011-11-11 09:18:59 -------- d-----w- C:\Windows\SysWow64\deelIBrzPyxAuSo

2011-11-11 09:17:58 -------- d-----w- C:\Windows\SysWow64\s3pnn44aH6sKfE9

2011-11-11 09:16:56 -------- d-----w- C:\Windows\SysWow64\ABtxx00cS1iDoF4

2011-11-11 09:15:58 -------- d-----w- C:\Windows\SysWow64\bsQJJddK8gR

2011-11-11 09:14:59 -------- d-----w- C:\Windows\SysWow64\akIVVllNtxPuSib

2011-11-11 09:13:56 -------- d-----w- C:\Windows\SysWow64\glOONtxP0cS1b3n

2011-11-11 09:12:57 -------- d-----w- C:\Windows\SysWow64\hYYCCkkIVrltxPu

2011-11-11 09:11:58 -------- d-----w- C:\Windows\SysWow64\knnnG44aHsWKf9g

2011-11-11 09:10:56 -------- d-----w- C:\Windows\SysWow64\byccS1ivDonFaHs

2011-11-11 09:09:58 -------- d-----w- C:\Windows\SysWow64\VCwwUVVrlBtxPyS

2011-11-11 09:08:55 -------- d-----w- C:\Windows\SysWow64\SZZZqhhYXwkVeOt

2011-11-11 09:07:55 -------- d-----w- C:\Windows\SysWow64\lLLL9ggTZqjYwkV

2011-11-11 09:06:54 -------- d-----w- C:\Windows\SysWow64\W55sQQJ7dEK8

2011-11-11 09:05:59 -------- d-----w- C:\Windows\SysWow64\FvvvDD3onF4aH5W

2011-11-11 09:04:57 -------- d-----w- C:\Windows\SysWow64\FJJ77dEEK8gZ9YX

2011-11-11 09:03:56 -------- d-----w- C:\Windows\SysWow64\LG5aaHHdWK7R9TX

2011-11-11 09:02:59 -------- d-----w- C:\Windows\SysWow64\HPPP0uucS1iD3o

2011-11-11 09:01:59 -------- d-----w- C:\Windows\SysWow64\FTXqjUCekBzNx0v

2011-11-11 09:00:59 -------- d-----w- C:\msWJ7dEL8RqYwUe

2011-11-11 08:59:57 -------- d-----w- C:\Windows\SysWow64\aEK8fRZ9hXjClBz

2011-11-11 08:58:59 -------- d-----w- C:\Windows\SysWow64\RRZ9hTXwjClBzNx

2011-11-11 08:57:56 -------- d-----w- C:\Windows\SysWow64\b3pnn55QH6dKfL9

2011-11-11 08:56:58 -------- d-----w- C:\Windows\SysWow64\GOONtxA0uS2iDpG

2011-11-11 08:55:59 -------- d-----w- C:\Windows\SysWow64\ZBrrzONyA0uv

2011-11-11 08:54:59 -------- d-----w- C:\Windows\SysWow64\LnFF4pmH5QJ7E8R

2011-11-11 08:53:59 -------- d-----w- C:\Windows\SysWow64\GDD33onG4am6s

2011-11-11 08:52:58 -------- d-----w- C:\Windows\SysWow64\qKKK8fRZ9

2011-11-11 08:51:59 -------- d-----w- C:\Windows\SysWow64\QzzPPNyccAu

2011-11-11 08:50:55 -------- d-----w- C:\Windows\SysWow64\cEEL8gRZqhXwUeO

2011-11-11 08:49:58 -------- d-----w- C:\Windows\SysWow64\FcA11uvDobFpm5Q

2011-11-11 08:48:55 -------- d-----w- C:\Windows\SysWow64\UcAAA1uvD2ob4p

2011-11-11 08:47:55 -------- d-----w- C:\Windows\SysWow64\RVrrlOBtx0yc1v

2011-11-11 08:46:58 -------- d-----w- C:\yBttzzP0ycA1iD

2011-11-11 08:45:59 -------- d-----w- C:\bpmH5sQJ7E8

2011-11-11 08:44:59 -------- d-----w- C:\Windows\SysWow64\errrzOONtxAucS

2011-11-11 08:43:58 -------- d-----w- C:\Windows\SysWow64\OllOOBtzP0ycAiD

2011-11-11 08:42:57 -------- d-----w- C:\Windows\SysWow64\qTTXXqjYC

2011-11-11 08:41:56 -------- d-----w- C:\Windows\SysWow64\owkkUUVelOBtP0

2011-11-11 08:40:59 -------- d-----w- C:\Windows\SysWow64\FBrrzzPNyxA1

2011-11-11 08:39:57 -------- d-----w- C:\Windows\SysWow64\aKKK7ffEL9gTqjC

2011-11-11 08:38:57 -------- d-----w- C:\Windows\SysWow64\UBBBtzzPNyc1uv2

2011-11-11 08:37:59 -------- d-----w- C:\hSS22obbF3pG5QJ

2011-11-11 08:36:59 -------- d-----w- C:\Windows\SysWow64\N777fEEL8gTqhC

2011-11-11 08:35:57 -------- d-----w- C:\Windows\SysWow64\xsssQJJ6dEK8RZ

2011-11-11 08:34:55 -------- d-----w- C:\Windows\SysWow64\yiibbF33pnGaQ6

2011-11-11 08:33:59 -------- d-----w- C:\Windows\SysWow64\WCCCwkkUV

2011-11-11 08:32:58 -------- d-----w- C:\Windows\SysWow64\sPPNNyxAA1vS2bF

2011-11-11 08:31:56 -------- d-----w- C:\Windows\SysWow64\xCCCwkkIVrlNtx

2011-11-11 08:30:59 -------- d-----w- C:\Windows\SysWow64\e444ammH5sW

2011-11-11 08:29:56 -------- d-----w- C:\Windows\SysWow64\AOOBBtxPP0cS1v3

2011-11-11 08:28:58 -------- d-----w- C:\Windows\SysWow64\E00yycA1ivD2oFp

2011-11-11 08:27:56 -------- d-----w- C:\Windows\SysWow64\d444pmmG5sQ6dK8

2011-11-11 08:26:58 -------- d-----w- C:\Windows\SysWow64\qS222obF3pmG

2011-11-11 08:25:56 -------- d-----w- C:\Windows\SysWow64\vzzzONNtxA0uS

2011-11-11 08:24:59 -------- d-----w- C:\Windows\SysWow64\zgggRZZqhY

2011-11-11 08:23:59 -------- d-----w- C:\Windows\SysWow64\PXXXqjjUCek

2011-11-11 08:22:57 -------- d-----w- C:\Windows\SysWow64\D000ucSS1iD

2011-11-11 08:21:55 -------- d-----w- C:\Windows\SysWow64\PBBttzP0ycAiv2

2011-11-11 08:20:54 -------- d-----w- C:\Windows\SysWow64\mUCCeekIBrzOy

2011-11-11 08:19:59 -------- d-----w- C:\Windows\SysWow64\cKKK8ffRZ9hTwjC

2011-11-11 08:18:53 -------- d-----w- C:\Windows\SysWow64\YaaaQH66sW

2011-11-11 08:17:59 -------- d-----w- C:\GrrzONyxA0vSiFp

2011-11-11 08:16:56 -------- d-----w- C:\Windows\SysWow64\zH6ddKKfRL9TqYC

2011-11-11 08:15:59 -------- d-----w- C:\YsssWJJ7dE

2011-11-11 08:14:56 -------- d-----w- C:\Windows\SysWow64\m1ivD3onFaHsJdL

2011-11-11 08:13:59 -------- d-----w- C:\Windows\SysWow64\f44pmHHsQJdE8R9

2011-11-11 08:12:57 -------- d-----w- C:\Windows\SysWow64\PBBrzONyx0u

2011-11-11 08:11:55 -------- d-----w- C:\Windows\SysWow64\CwkkIVrlOtxPuS

2011-11-11 08:10:58 -------- d-----w- C:\Windows\SysWow64\m55ssWJ7dEL8g

2011-11-11 08:09:56 -------- d-----w- C:\Windows\SysWow64\PA1uuvD2bF4

2011-11-11 08:08:56 -------- d-----w- C:\Windows\SysWow64\W6sWW77EL8gZhCw

2011-11-11 08:07:57 -------- d-----w- C:\Windows\SysWow64\CDDD3oonG4a

2011-11-11 08:06:59 -------- d-----w- C:\Windows\SysWow64\XTTZZqhhYw

2011-11-11 08:05:52 -------- d-----w- C:\Windows\SysWow64\WhhYYwwkUVeOBtP

2011-11-11 08:04:58 -------- d-----w- C:\Windows\SysWow64\NrrlOBBtxP0cS1v

2011-11-11 08:03:57 -------- d-----w- C:\Windows\SysWow64\O11uuvSS2o

2011-11-11 08:02:59 -------- d-----w- C:\Windows\SysWow64\kGG55aQHHdWK7R

2011-11-11 08:01:57 -------- d-----w- C:\Windows\SysWow64\LjYYCwkIVlONx0c

2011-11-11 08:00:59 -------- d-----w- C:\Windows\SysWow64\blOONttxP0u

2011-11-11 07:59:56 -------- d-----w- C:\z111ibbD3onGam6

2011-11-11 07:58:58 -------- d-----w- C:\Windows\SysWow64\WAA11ivvD

2011-11-11 07:57:57 -------- d-----w- C:\Windows\SysWow64\tmGG5aQJ6WK8R9T

2011-11-11 07:56:58 -------- d-----w- C:\Windows\SysWow64\lVelOBtzPyAiDoF

2011-11-11 07:55:59 -------- d-----w- C:\Windows\SysWow64\IP0ycA1iv2n4m5Q

2011-11-11 07:54:55 -------- d-----w- C:\Windows\SysWow64\YkUVrlOBtPySiDo

2011-11-11 07:53:56 -------- d-----w- C:\Windows\SysWow64\aibD3onG4m6W7E8

2011-11-11 07:52:59 -------- d-----w- C:\Windows\SysWow64\QzPP0ycA1vD2n4m

2011-11-11 07:51:59 -------- d-----w- C:\LL9gTZqjYwIrOtP

2011-11-11 07:50:58 -------- d-----w- C:\Windows\SysWow64\VwjjUVelBtzPyAu

2011-11-11 07:49:57 -------- d-----w- C:\Windows\SysWow64\pCCekIVrzOtx0c2

2011-11-11 07:48:59 -------- d-----w- C:\KbDD3pnGaQH6W7E

2011-11-11 07:47:59 -------- d-----w- C:\ZL99hTTXqjUekBz

2011-11-11 07:46:58 -------- d-----w- C:\Windows\SysWow64\YfEEL8gTqhYCkVl

2011-11-11 07:45:57 -------- d-----w- C:\Windows\SysWow64\tddWKK8fRL9hXqU

2011-11-11 07:44:53 -------- d-----w- C:\Windows\SysWow64\RF44pmH5sJ7dKgZ

2011-11-11 07:43:57 -------- d-----w- C:\Windows\SysWow64\GH66dWK7RL

2011-11-11 07:43:56 -------- d-----w- C:\BS22obF3pG5aJdK

2011-11-11 07:43:50 -------- d-----w- C:\Windows\SysWow64\rvvD2bb4pmGs

2011-11-11 07:43:49 -------- d-----w- C:\yYYXXkkVelBtPyA

2011-11-11 00:01:48 791720 ----a-w- C:\Windows\System32\PerfStringBackup.TMP

.

==================== Find3M ====================

.

2011-10-08 22:20:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-20 21:06:18 1426304 ---ha-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 18:44:41.22 ===============
